Vulnerabilities > CVE-2019-2684

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
10
Application
Redhat
2
Application
Apache
271
Application
Hp
6
OS
Redhat
17
OS
Opensuse
2
OS
Debian
2
OS
Canonical
4

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1903.NASL
    descriptionAccording to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (CVE-2019-2684) - OpenJDK: Leak of sensitive header data via HTTP redirect (CVE-2018-3139) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128826
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128826
    titleEulerOS 2.0 SP5 : java-1.7.0-openjdk (EulerOS-SA-2019-1903)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128826);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-3139",
        "CVE-2019-2684"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : java-1.7.0-openjdk (EulerOS-SA-2019-1903)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the java-1.7.0-openjdk packages
    installed, the EulerOS installation on the remote host is affected by
    the following vulnerabilities :
    
      - OpenJDK: Incorrect skeleton selection in RMI registry
        server-side dispatch handling (CVE-2019-2684)
    
      - OpenJDK: Leak of sensitive header data via HTTP
        redirect (CVE-2018-3139)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1903
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea629bbc");
      script_set_attribute(attribute:"solution", value:
    "Update the affected java-1.7.0-openjdk packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["java-1.7.0-openjdk-1.7.0.191-2.6.15.4.h6.eulerosv2r7",
            "java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.h6.eulerosv2r7",
            "java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.4.h6.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1052-1.NASL
    descriptionThis update for java-11-openjdk to version 11.0.3+7 fixes the following issues : Security issues fixed : CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728). CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732). Non-security issues fixed: Multiple bug fixes and improvements. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124362
    published2019-04-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124362
    titleSUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:1052-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1052-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124362);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/21");
    
      script_cve_id("CVE-2019-2602", "CVE-2019-2684");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:1052-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-11-openjdk to version 11.0.3+7 fixes the
    following issues :
    
    Security issues fixed :
    
    CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal
    implementation (bsc#1132728).
    
    CVE-2019-2684: Fixed a flaw in the RMI registry implementation which
    could lead to selection of an incorrect skeleton class (bsc#1132732).
    
    Non-security issues fixed: Multiple bug fixes and improvements.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2602/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2684/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191052-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6398a264"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2019-1052=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2684");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-accessibility");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-accessibility-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-jmods");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-11-openjdk-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-accessibility-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-debuginfo-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-debugsource-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-demo-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-devel-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-headless-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-jmods-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-11-openjdk-src-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-accessibility-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-accessibility-debuginfo-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-debuginfo-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-debugsource-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-demo-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-devel-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-headless-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-jmods-11.0.3.0-3.21.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"java-11-openjdk-src-11.0.3.0-3.21.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1392-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed : CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes: Please check the package Changelog for detailed information. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125676
    published2019-06-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125676
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:1392-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1392-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125676);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:51");
    
      script_cve_id("CVE-2018-11212", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:1392-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk fixes the following issues :
    
    Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU)
    
    Security issues fixed :
    
    CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component:
    Libraries) (bsc#1132728).
    
    CVE-2019-2684: Fixed flaw inside the RMI registry implementation
    (bsc#1132732).
    
    CVE-2019-2698: Fixed out of bounds access flaw in the 2D component
    (bsc#1132729).
    
    CVE-2019-2422: Fixed memory disclosure in FileChannelImpl
    (bsc#1122293).
    
    CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in
    jmemmgr.c (bsc#1122299).
    
    CVE-2019-2426: Improve web server connections (bsc#1134297).
    
    Bug fixes: Please check the package Changelog for detailed
    information.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122299"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132728"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132732"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134297"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-11212/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2422/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2426/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2602/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2684/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2698/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191392-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cf146377"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-1392=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-1392=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-1392=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-1392=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1392=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-1392=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-1392=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-1392=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2019-1392=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-1392=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2019-1392=1
    
    SUSE Enterprise Storage 4:zypper in -t patch
    SUSE-Storage-4-2019-1392=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2/3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-demo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-devel-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.221-43.22.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.221-43.22.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0090_JAVA-1.7.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2422) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602) - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2698) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2019-2684) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127309
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127309
    titleNewStart CGSL MAIN 4.06 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0090)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-10 (Oracle JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Oracle&rsquo;s JDK and JRE software suites. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127959
    published2019-08-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127959
    titleGLSA-201908-10 : Oracle JDK/JRE: Multiple vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190422_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)
    last seen2020-03-18
    modified2019-04-23
    plugin id124235
    published2019-04-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124235
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20190422)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1782.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id124777
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124777
    titleDebian DLA-1782-1 : openjdk-7 security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0778.NASL
    descriptionFrom Red Hat Security Advisory 2019:0778 : An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124135
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124135
    titleOracle Linux 7 : java-11-openjdk (ELSA-2019-0778)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0790.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124241
    published2019-04-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124241
    titleCentOS 6 : java-1.7.0-openjdk (CESA-2019:0790)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0778.NASL
    descriptionAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124138
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124138
    titleRHEL 7 : java-11-openjdk (RHSA-2019:0778)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1269.NASL
    descriptionVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2019-2684) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2769) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2019-2816) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2762) Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2019-2842) Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2019-2745) Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2698) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). (CVE-2019-2786)
    last seen2020-06-01
    modified2020-06-02
    plugin id128285
    published2019-08-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128285
    titleAmazon Linux 2 : java-1.8.0-openjdk (ALAS-2019-1269)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190417_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) Bug Fix(es) : - assert failure in coalesce.cpp: attempted to spill a non-spillable item
    last seen2020-03-18
    modified2019-04-19
    plugin id124185
    published2019-04-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124185
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20190417)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1327.NASL
    descriptionThis update for java-11-openjdk to version 11.0.3+7 fixes the following issues : Security issues fixed : - CVE-2019-2602: Fixed excessive use of CPU time in the BigDecimal implementation (bsc#1132728). - CVE-2019-2684: Fixed a flaw in the RMI registry implementation which could lead to selection of an incorrect skeleton class (bsc#1132732). Non-security issues fixed : - Multiple bug fixes and improvements. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id124642
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124642
    titleopenSUSE Security Update : java-11-openjdk (openSUSE-2019-1327)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1163.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Security Fix(es) : * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125012
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125012
    titleRHEL 6 : java-1.8.0-ibm (RHSA-2019:1163)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2007.NASL
    descriptionAccording to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Slow conversion of BigDecimal to long (CVE-2019-2602) - OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (CVE-2018-3149) - OpenJDK: Leak of sensitive header data via HTTP redirect (CVE-2018-3139) - OpenJDK: Improper field access checks (CVE-2018-3169) - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (CVE-2019-2698) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (CVE-2019-2684) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129200
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129200
    titleEulerOS 2.0 SP3 : java-1.7.0-openjdk (EulerOS-SA-2019-2007)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0791.NASL
    descriptionFrom Red Hat Security Advisory 2019:0791 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124230
    published2019-04-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124230
    titleOracle Linux 7 : java-1.7.0-openjdk (ELSA-2019-0791)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0778.NASL
    descriptionAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124203
    published2019-04-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124203
    titleCentOS 7 : java-11-openjdk (CESA-2019:0778)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3975-1.NASL
    descriptionIt was discovered that the BigDecimal implementation in OpenJDK performed excessive computation when given certain values. An attacker could use this to cause a denial of service (excessive CPU usage). (CVE-2019-2602) Corwin de Boor and Robert Xiao discovered that the RMI registry implementation in OpenJDK did not properly select the correct skeleton class in some situations. An attacker could use this to possibly escape Java sandbox restrictions. (CVE-2019-2684) Mateusz Jurczyk discovered a vulnerability in the 2D component of OpenJDK. An attacker could use this to possibly escape Java sandbox restrictions. This issue only affected OpenJDK 8 in Ubuntu 16.04 LTS. (CVE-2019-2697) Mateusz Jurczyk discovered a vulnerability in the font layout engine of OpenJDK
    last seen2020-06-01
    modified2020-06-02
    plugin id125028
    published2019-05-14
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125028
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : openjdk-8, openjdk-lts vulnerabilities (USN-3975-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136109
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136109
    titlePhoton OS 1.0: Openjdk11 PHSA-2020-1.0-0290
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1238.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Security Fix(es) : * IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547) * IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549) * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) * libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212) * Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125239
    published2019-05-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125239
    titleRHEL 8 : java-1.8.0-ibm (RHSA-2019:1238)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4453.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service or sandbox bypass.
    last seen2020-06-01
    modified2020-06-02
    plugin id125608
    published2019-05-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125608
    titleDebian DSA-4453-1 : openjdk-8 - security update
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0157_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2422) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602) - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2698) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2019-2684) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127435
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127435
    titleNewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0157)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1518.NASL
    descriptionFrom Red Hat Security Advisory 2019:1518 : An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127592
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127592
    titleOracle Linux 8 : java-11-openjdk (ELSA-2019-1518)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1439.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2019-2422: Better FileChannel (bsc#1122293). - CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed : - Disable LTO (bsc#1133135). - Added Japanese new era name. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125451
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125451
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1439) (Spectre)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0093_JAVA-1.8.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). (CVE-2019-2422) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602) - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2698) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2019-2684) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127314
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127314
    titleNewStart CGSL MAIN 4.06 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0093)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1228.NASL
    descriptionVulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2697) Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2698) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2019-2684)
    last seen2020-06-01
    modified2020-06-02
    plugin id125900
    published2019-06-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125900
    titleAmazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1228)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1146.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124847
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124847
    titleRHEL 8 : java-1.8.0-openjdk (RHSA-2019:1146)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190417_JAVA_11_OPENJDK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)
    last seen2020-03-18
    modified2019-04-19
    plugin id124184
    published2019-04-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124184
    titleScientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20190417)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1308-2.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126336
    published2019-06-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126336
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1211-2.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126440
    published2019-07-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126440
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1211-2) (Spectre)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0775.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124137
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124137
    titleRHEL 7 : java-1.8.0-openjdk (RHSA-2019:0775)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0791.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124242
    published2019-04-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124242
    titleCentOS 7 : java-1.7.0-openjdk (CESA-2019:0791)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1518.NASL
    descriptionAn update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es) : * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126027
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126027
    titleRHEL 8 : java-11-openjdk (RHSA-2019:1518)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0791.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124233
    published2019-04-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124233
    titleRHEL 7 : java-1.7.0-openjdk (RHSA-2019:0791)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0775.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124202
    published2019-04-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124202
    titleCentOS 7 : java-1.8.0-openjdk (CESA-2019:0775)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14059-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125336
    published2019-05-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125336
    titleSUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:14059-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1438.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : - CVE-2019-2602: Better String parsing (bsc#1132728). - CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). - CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). - CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed : - Disable LTO (bsc#1133135). - Added Japanese new era name. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125450
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125450
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-1438) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1211-1.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2018-3639: fix revision to prefer PR_SPEC_DISABLE_NOEXEC to PR_SPEC_DISABLE Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124857
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124857
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1211-1) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1266.NASL
    descriptionVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2019-2684) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2019-2602) Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).(CVE-2019-2698)
    last seen2020-06-01
    modified2020-06-02
    plugin id127819
    published2019-08-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127819
    titleAmazon Linux AMI : java-1.8.0-openjdk (ALAS-2019-1266)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0774.NASL
    descriptionFrom Red Hat Security Advisory 2019:0774 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * assert failure in coalesce.cpp: attempted to spill a non-spillable item (BZ #1640127)
    last seen2020-06-01
    modified2020-06-02
    plugin id124133
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124133
    titleOracle Linux 6 : java-1.8.0-openjdk (ELSA-2019-0774)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1146.NASL
    descriptionFrom Red Hat Security Advisory 2019:1146 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127581
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127581
    titleOracle Linux 8 : java-1.8.0-openjdk (ELSA-2019-1146)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1644-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126167
    published2019-06-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126167
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1644-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1585.NASL
    descriptionAccording to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (CVE-2019-2684) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-05-29
    plugin id125512
    published2019-05-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125512
    titleEulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2019-1585)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1165.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP45. Security Fix(es) : * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125014
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125014
    titleRHEL 6 : java-1.7.1-ibm (RHSA-2019:1165)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0775.NASL
    descriptionFrom Red Hat Security Advisory 2019:0775 : An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124134
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124134
    titleOracle Linux 7 : java-1.8.0-openjdk (ELSA-2019-0775)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0790.NASL
    descriptionAn update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124232
    published2019-04-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124232
    titleRHEL 6 : java-1.7.0-openjdk (RHSA-2019:0790)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1308-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125335
    published2019-05-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125335
    titleSUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1308-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-0790.NASL
    descriptionFrom Red Hat Security Advisory 2019:0790 : An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id124229
    published2019-04-23
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124229
    titleOracle Linux 6 : java-1.7.0-openjdk (ELSA-2019-0790)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1500.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : Update to 2.6.18 - OpenJDK 7u221 (April 2019 CPU) Security issues fixed : - CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). - CVE-2019-2684: Fixed flaw inside the RMI registry implementation (bsc#1132732). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). - CVE-2019-2422: Fixed memory disclosure in FileChannelImpl (bsc#1122293). - CVE-2018-11212: Fixed a Divide By Zero in alloc_sarray function in jmemmgr.c (bsc#1122299). - CVE-2019-2426: Improve web server connections (bsc#1134297). Bug fixes : - Please check the package Changelog for detailed information. This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125698
    published2019-06-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125698
    titleopenSUSE Security Update : java-1_7_0-openjdk (openSUSE-2019-1500)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1166.NASL
    descriptionAn update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP45. Security Fix(es) : * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125015
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125015
    titleRHEL 7 : java-1.7.1-ibm (RHSA-2019:1166)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1301.NASL
    descriptionAccording to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Font layout engine out of bounds access setCurrGlyphID()(CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long(CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling(CVE-2019-2684) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-30
    plugin id124397
    published2019-04-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124397
    titleEulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2019-1301)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190417_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)
    last seen2020-03-18
    modified2019-04-18
    plugin id124139
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124139
    titleScientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20190417)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-0774.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * assert failure in coalesce.cpp: attempted to spill a non-spillable item (BZ #1640127)
    last seen2020-06-01
    modified2020-06-02
    plugin id124201
    published2019-04-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124201
    titleCentOS 6 : java-1.8.0-openjdk (CESA-2019:0774)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190422_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)
    last seen2020-03-18
    modified2019-04-23
    plugin id124234
    published2019-04-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124234
    titleScientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20190422)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1745.NASL
    descriptionAccording to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Improper field access checks (CVE-2018-3169) - OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (CVE-2019-2698) - OpenJDK: Slow conversion of BigDecimal to long (CVE-2019-2602) - OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (CVE-2019-2684) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126872
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126872
    titleEulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2019-1745)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0154_JAVA-1.7.0-OPENJDK.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has java-1.7.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2602) - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). (CVE-2019-2698) - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). (CVE-2019-2684) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127429
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127429
    titleNewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0154)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-08
    modified2020-05-05
    plugin id136333
    published2020-05-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136333
    titlePhoton OS 2.0: Openjdk11 PHSA-2020-2.0-0235
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1325.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Security Fix(es) : * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125756
    published2019-06-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125756
    titleRHEL 6 : java-1.8.0-ibm (RHSA-2019:1325)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1345-1.NASL
    descriptionThis update for java-1_7_1-ibm fixes the following issues : Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). CVE-2019-2697: Fixed flaw inside the 2D component (bsc#1132734). CVE-2019-2602: Fixed flaw inside BigDecimal implementation (Component: Libraries) (bsc#1132728). CVE-2019-2684: Fixed flaw was found in the RMI registry implementation (bsc#1132732). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125461
    published2019-05-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125461
    titleSUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2019:1345-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0774.NASL
    descriptionAn update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es) : * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * assert failure in coalesce.cpp: attempted to spill a non-spillable item (BZ #1640127)
    last seen2020-06-01
    modified2020-06-02
    plugin id124136
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124136
    titleRHEL 6 : java-1.8.0-openjdk (RHSA-2019:0774)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1164.NASL
    descriptionAn update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Security Fix(es) : * Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697) * OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698) * OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602) * OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684) * IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125013
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125013
    titleRHEL 7 : java-1.8.0-ibm (RHSA-2019:1164)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1219-1.NASL
    descriptionThis update for java-1_8_0-openjdk to version 8u212 fixes the following issues : Security issues fixed : CVE-2019-2602: Better String parsing (bsc#1132728). CVE-2019-2684: More dynamic RMI interactions (bsc#1132732). CVE-2019-2698: Fuzzing TrueType fonts - setCurrGlyphID() (bsc#1132729). CVE-2019-2422: Better FileChannel (bsc#1122293). CVE-2018-11212: Improve JPEG (bsc#1122299). Non-Security issue fixed: Disable LTO (bsc#1133135). Added Japanese new era name. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125023
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125023
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:1219-1) (Spectre)
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_APR_2019.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 221, 8 Update 211, 11 Update 3, or 12 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - RMI - Windows DLL Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124198
    published2019-04-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124198
    titleOracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136100
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136100
    titlePhoton OS 3.0: Openjdk11 PHSA-2020-3.0-0084
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1209.NASL
    descriptionVulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).(CVE-2019-2602) Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).(CVE-2019-2698) Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2019-2684)
    last seen2020-06-01
    modified2020-06-02
    plugin id125288
    published2019-05-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125288
    titleAmazon Linux 2 : java-1.7.0-openjdk (ALAS-2019-1209)
  • NASL familyAIX Local Security Checks
    NASL idAIX_JAVA_APR2019_ADVISORY.NASL
    descriptionThe version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - A flaw exists in Libraries that allows an unauthenticated, remote attacker to cause denial of service. (CVE-2019-2602) - A flaw exists in the RMI component that allows an unauthenticated, remote attacker to cause unspecified integrity impact. (CVE-2019-2684) - Flaws exist in the 2D component that allows an unauthenticated, remote attacker to take control of the system via unspecified means. (CVE-2019-2697, CVE-2019-2698) - A flaw exists in Eclipse OpenJ9 that allows an unauthenticated, remote attacker to cause denial of service. (CVE-2019-10245)
    last seen2020-06-01
    modified2020-06-02
    plugin id126924
    published2019-07-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126924
    titleAIX Java Advisory : java_apr2019_advisory.asc (April 2019 CPU)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_APR_2019_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 221, 8 Update 211, 11 Update 3, or 12 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - RMI - Windows DLL Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id124197
    published2019-04-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124197
    titleOracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU) (Unix)

Redhat

advisories
  • bugzilla
    id1700564
    titleCVE-2019-2684 OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentjava-11-openjdk-javadoc-zip-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778001
          • commentjava-11-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521028
        • AND
          • commentjava-11-openjdk-demo-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778003
          • commentjava-11-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521030
        • AND
          • commentjava-11-openjdk-devel-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778005
          • commentjava-11-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521020
        • AND
          • commentjava-11-openjdk-headless-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778007
          • commentjava-11-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521008
        • AND
          • commentjava-11-openjdk-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778009
          • commentjava-11-openjdk-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521024
        • AND
          • commentjava-11-openjdk-src-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778011
          • commentjava-11-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521010
        • AND
          • commentjava-11-openjdk-devel is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778013
          • commentjava-11-openjdk-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521004
        • AND
          • commentjava-11-openjdk-javadoc is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778015
          • commentjava-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521018
        • AND
          • commentjava-11-openjdk-javadoc-zip is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778017
          • commentjava-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521032
        • AND
          • commentjava-11-openjdk-demo is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778019
          • commentjava-11-openjdk-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521016
        • AND
          • commentjava-11-openjdk-jmods-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778021
          • commentjava-11-openjdk-jmods-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521014
        • AND
          • commentjava-11-openjdk-javadoc-debug is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778023
          • commentjava-11-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521026
        • AND
          • commentjava-11-openjdk-jmods is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778025
          • commentjava-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521022
        • AND
          • commentjava-11-openjdk-src is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778027
          • commentjava-11-openjdk-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521012
        • AND
          • commentjava-11-openjdk is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778029
          • commentjava-11-openjdk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521006
        • AND
          • commentjava-11-openjdk-headless is earlier than 1:11.0.3.7-0.el7_6
            ovaloval:com.redhat.rhsa:tst:20190778031
          • commentjava-11-openjdk-headless is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521002
    rhsa
    idRHSA-2019:0778
    released2019-04-17
    severityModerate
    titleRHSA-2019:0778: java-11-openjdk security update (Moderate)
  • bugzilla
    id1700564
    titleCVE-2019-2684 OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentjava-11-openjdk-jmods is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518001
          • commentjava-11-openjdk-jmods is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521022
        • AND
          • commentjava-11-openjdk-javadoc is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518003
          • commentjava-11-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521018
        • AND
          • commentjava-11-openjdk is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518005
          • commentjava-11-openjdk is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521006
        • AND
          • commentjava-11-openjdk-devel is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518007
          • commentjava-11-openjdk-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521004
        • AND
          • commentjava-11-openjdk-debugsource is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518009
          • commentjava-11-openjdk-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191518010
        • AND
          • commentjava-11-openjdk-headless is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518011
          • commentjava-11-openjdk-headless is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521002
        • AND
          • commentjava-11-openjdk-demo is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518013
          • commentjava-11-openjdk-demo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521016
        • AND
          • commentjava-11-openjdk-javadoc-zip is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518015
          • commentjava-11-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521032
        • AND
          • commentjava-11-openjdk-src is earlier than 1:11.0.3.7-2.el8_0
            ovaloval:com.redhat.rhsa:tst:20191518017
          • commentjava-11-openjdk-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183521012
    rhsa
    idRHSA-2019:1518
    released2019-06-18
    severityModerate
    titleRHSA-2019:1518: java-11-openjdk security update (Moderate)
  • rhsa
    idRHBA-2019:0959
  • rhsa
    idRHSA-2019:1146
  • rhsa
    idRHSA-2019:1163
  • rhsa
    idRHSA-2019:1164
  • rhsa
    idRHSA-2019:1165
  • rhsa
    idRHSA-2019:1166
  • rhsa
    idRHSA-2019:1238
  • rhsa
    idRHSA-2019:1325
rpms
  • java-1.8.0-openjdk-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-debug-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-demo-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-devel-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-headless-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-javadoc-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-src-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-src-debug-1:1.8.0.212.b04-0.el6_10
  • java-1.8.0-openjdk-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-accessibility-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-demo-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-devel-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-headless-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-javadoc-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-src-1:1.8.0.212.b04-0.el7_6
  • java-1.8.0-openjdk-src-debug-1:1.8.0.212.b04-0.el7_6
  • java-11-openjdk-1:11.0.3.7-0.el7_6
  • java-11-openjdk-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-debuginfo-1:11.0.3.7-0.el7_6
  • java-11-openjdk-demo-1:11.0.3.7-0.el7_6
  • java-11-openjdk-demo-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-devel-1:11.0.3.7-0.el7_6
  • java-11-openjdk-devel-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-headless-1:11.0.3.7-0.el7_6
  • java-11-openjdk-headless-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-javadoc-1:11.0.3.7-0.el7_6
  • java-11-openjdk-javadoc-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-javadoc-zip-1:11.0.3.7-0.el7_6
  • java-11-openjdk-javadoc-zip-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-jmods-1:11.0.3.7-0.el7_6
  • java-11-openjdk-jmods-debug-1:11.0.3.7-0.el7_6
  • java-11-openjdk-src-1:11.0.3.7-0.el7_6
  • java-11-openjdk-src-debug-1:11.0.3.7-0.el7_6
  • java-1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el6_10
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.221-2.6.18.0.el6_10
  • java-1.7.0-openjdk-demo-1:1.7.0.221-2.6.18.0.el6_10
  • java-1.7.0-openjdk-devel-1:1.7.0.221-2.6.18.0.el6_10
  • java-1.7.0-openjdk-javadoc-1:1.7.0.221-2.6.18.0.el6_10
  • java-1.7.0-openjdk-src-1:1.7.0.221-2.6.18.0.el6_10
  • java-1.7.0-openjdk-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-accessibility-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-demo-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-devel-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-headless-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-javadoc-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.7.0-openjdk-src-1:1.7.0.221-2.6.18.0.el7_6
  • java-1.8.0-openjdk-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-accessibility-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-debugsource-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-demo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-demo-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-demo-slowdebug-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-devel-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-devel-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-devel-slowdebug-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-headless-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-headless-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-headless-slowdebug-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-javadoc-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-slowdebug-debuginfo-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-openjdk-src-1:1.8.0.212.b04-1.el8_0
  • java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-demo-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-devel-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-plugin-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-src-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el7
  • java-1.8.0-ibm-demo-1:1.8.0.5.35-1jpp.1.el7
  • java-1.8.0-ibm-devel-1:1.8.0.5.35-1jpp.1.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.35-1jpp.1.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.5.35-1jpp.1.el7
  • java-1.8.0-ibm-src-1:1.8.0.5.35-1jpp.1.el7
  • java-1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el6_10
  • java-1.7.1-ibm-demo-1:1.7.1.4.45-1jpp.1.el6_10
  • java-1.7.1-ibm-devel-1:1.7.1.4.45-1jpp.1.el6_10
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.45-1jpp.1.el6_10
  • java-1.7.1-ibm-plugin-1:1.7.1.4.45-1jpp.1.el6_10
  • java-1.7.1-ibm-src-1:1.7.1.4.45-1jpp.1.el6_10
  • java-1.7.1-ibm-1:1.7.1.4.45-1jpp.1.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.45-1jpp.1.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.45-1jpp.1.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.45-1jpp.1.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.45-1jpp.1.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.45-1jpp.1.el7
  • java-1.8.0-ibm-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-demo-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-devel-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-headless-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-plugin-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-src-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-webstart-1:1.8.0.5.35-3.el8_0
  • java-1.8.0-ibm-1:1.8.0.5.35-1jpp.1.el6_10
  • java-1.8.0-ibm-devel-1:1.8.0.5.35-1jpp.1.el6_10
  • java-11-openjdk-1:11.0.3.7-2.el8_0
  • java-11-openjdk-debuginfo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-debugsource-1:11.0.3.7-2.el8_0
  • java-11-openjdk-demo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-devel-1:11.0.3.7-2.el8_0
  • java-11-openjdk-devel-debuginfo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-headless-1:11.0.3.7-2.el8_0
  • java-11-openjdk-headless-debuginfo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-javadoc-1:11.0.3.7-2.el8_0
  • java-11-openjdk-javadoc-zip-1:11.0.3.7-2.el8_0
  • java-11-openjdk-jmods-1:11.0.3.7-2.el8_0
  • java-11-openjdk-slowdebug-debuginfo-1:11.0.3.7-2.el8_0
  • java-11-openjdk-src-1:11.0.3.7-2.el8_0

References