Vulnerabilities > CVE-2019-2894

047910
CVSS 3.7 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
high complexity
oracle
debian
opensuse
mcafee
canonical
nessus

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4223-1.NASL
    descriptionJan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side- channel vulnerability existed in the ECDSA implementation in OpenJDK. An Attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly restrict the creation of subclasses with a custom Socket implementation. An attacker could use this to specially create a Java class that could possibly bypass Java sandbox restrictions. (CVE-2019-2945) Rob Hamm discovered that the Kerberos implementation in OpenJDK did not properly handle proxy credentials. An attacker could possibly use this to impersonate another user. (CVE-2019-2949) It was discovered that a NULL pointer dereference existed in the font handling implementation in OpenJDK. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2962) It was discovered that the Concurrency subsystem in OpenJDK did not properly bound stack consumption when compiling regular expressions. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2964) It was discovered that the JAXP subsystem in OpenJDK did not properly handle XPath expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2973, CVE-2019-2981) It was discovered that the Nashorn JavaScript subcomponent in OpenJDK did not properly handle regular expressions in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2975) It was discovered that the String class in OpenJDK contained an out-of- bounds access vulnerability. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. This issue only affected OpenJDK 11 in Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977) It was discovered that the Jar URL handler in OpenJDK did not properly handled nested Jar URLs in some situations. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2978) It was discovered that the Serialization component of OpenJDK did not properly handle deserialization of certain object attributes. An attacker could use this to cause a denial of service (application crash). (CVE-2019-2983) It was discovered that the FreetypeFontScaler class in OpenJDK did not properly validate dimensions of glyph bitmap images read from font files. An attacker could specially craft a font file that could cause a denial of service (application crash). (CVE-2019-2987) It was discovered that a buffer overflow existed in the SunGraphics2D class in OpenJDK. An attacker could possibly use this to cause a denial of service (excessive memory consumption or application crash). (CVE-2019-2988) It was discovered that the Networking component in OpenJDK did not properly handle certain responses from HTTP proxies. An attacker controlling a malicious HTTP proxy could possibly use this to inject content into a proxied HTTP connection. (CVE-2019-2989) It was discovered that the font handling implementation in OpenJDK did not properly validate TrueType font files in some situations. An attacker could specially craft a font file that could cause a denial of service (excessive memory consumption). (CVE-2019-2992) It was discovered that the JavaDoc generator in OpenJDK did not properly filter out some HTML elements properly, including documentation comments in Java source code. An attacker could possibly use this to craft a Cross-Site Scripting attack. (CVE-2019-2999). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132240
    published2019-12-18
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132240
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : openjdk-8, openjdk-lts vulnerabilities (USN-4223-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4223-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132240);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/20");
    
      script_cve_id("CVE-2019-2894", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2975", "CVE-2019-2977", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999");
      script_xref(name:"USN", value:"4223-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : openjdk-8, openjdk-lts vulnerabilities (USN-4223-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-
    channel vulnerability existed in the ECDSA implementation in OpenJDK.
    An Attacker could use this to expose sensitive information.
    (CVE-2019-2894)
    
    It was discovered that the Socket implementation in OpenJDK did not
    properly restrict the creation of subclasses with a custom Socket
    implementation. An attacker could use this to specially create a Java
    class that could possibly bypass Java sandbox restrictions.
    (CVE-2019-2945)
    
    Rob Hamm discovered that the Kerberos implementation in OpenJDK did
    not properly handle proxy credentials. An attacker could possibly use
    this to impersonate another user. (CVE-2019-2949)
    
    It was discovered that a NULL pointer dereference existed in the font
    handling implementation in OpenJDK. An attacker could use this to
    cause a denial of service (application crash). (CVE-2019-2962)
    
    It was discovered that the Concurrency subsystem in OpenJDK did not
    properly bound stack consumption when compiling regular expressions.
    An attacker could use this to cause a denial of service (application
    crash). (CVE-2019-2964)
    
    It was discovered that the JAXP subsystem in OpenJDK did not properly
    handle XPath expressions in some situations. An attacker could use
    this to cause a denial of service (application crash). (CVE-2019-2973,
    CVE-2019-2981)
    
    It was discovered that the Nashorn JavaScript subcomponent in OpenJDK
    did not properly handle regular expressions in some situations. An
    attacker could use this to cause a denial of service (application
    crash). (CVE-2019-2975)
    
    It was discovered that the String class in OpenJDK contained an
    out-of- bounds access vulnerability. An attacker could use this to
    cause a denial of service (application crash) or possibly expose
    sensitive information. This issue only affected OpenJDK 11 in Ubuntu
    18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-2977)
    
    It was discovered that the Jar URL handler in OpenJDK did not properly
    handled nested Jar URLs in some situations. An attacker could use this
    to cause a denial of service (application crash). (CVE-2019-2978)
    
    It was discovered that the Serialization component of OpenJDK did not
    properly handle deserialization of certain object attributes. An
    attacker could use this to cause a denial of service (application
    crash). (CVE-2019-2983)
    
    It was discovered that the FreetypeFontScaler class in OpenJDK did not
    properly validate dimensions of glyph bitmap images read from font
    files. An attacker could specially craft a font file that could cause
    a denial of service (application crash). (CVE-2019-2987)
    
    It was discovered that a buffer overflow existed in the SunGraphics2D
    class in OpenJDK. An attacker could possibly use this to cause a
    denial of service (excessive memory consumption or application crash).
    (CVE-2019-2988)
    
    It was discovered that the Networking component in OpenJDK did not
    properly handle certain responses from HTTP proxies. An attacker
    controlling a malicious HTTP proxy could possibly use this to inject
    content into a proxied HTTP connection. (CVE-2019-2989)
    
    It was discovered that the font handling implementation in OpenJDK did
    not properly validate TrueType font files in some situations. An
    attacker could specially craft a font file that could cause a denial
    of service (excessive memory consumption). (CVE-2019-2992)
    
    It was discovered that the JavaDoc generator in OpenJDK did not
    properly filter out some HTML elements properly, including
    documentation comments in Java source code. An attacker could possibly
    use this to craft a Cross-Site Scripting attack. (CVE-2019-2999).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4223-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2977");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-11-jre-zero");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jdk", pkgver:"8u232-b09-0ubuntu1~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre", pkgver:"8u232-b09-0ubuntu1~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-headless", pkgver:"8u232-b09-0ubuntu1~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-jamvm", pkgver:"8u232-b09-0ubuntu1~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"openjdk-8-jre-zero", pkgver:"8u232-b09-0ubuntu1~16.04.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jdk", pkgver:"11.0.5+10-0ubuntu1.1~18.04")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jre", pkgver:"11.0.5+10-0ubuntu1.1~18.04")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jre-headless", pkgver:"11.0.5+10-0ubuntu1.1~18.04")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"openjdk-11-jre-zero", pkgver:"11.0.5+10-0ubuntu1.1~18.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jdk", pkgver:"11.0.5+10-0ubuntu1.1~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jre", pkgver:"11.0.5+10-0ubuntu1.1~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jre-headless", pkgver:"11.0.5+10-0ubuntu1.1~19.04")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"openjdk-11-jre-zero", pkgver:"11.0.5+10-0ubuntu1.1~19.04")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"openjdk-11-jdk", pkgver:"11.0.5+10-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"openjdk-11-jre", pkgver:"11.0.5+10-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"openjdk-11-jre-headless", pkgver:"11.0.5+10-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"openjdk-11-jre-zero", pkgver:"11.0.5+10-0ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk-11-jdk / openjdk-11-jre / openjdk-11-jre-headless / etc");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136109
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136109
    titlePhoton OS 1.0: Openjdk11 PHSA-2020-1.0-0290
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136109);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2018-3136",
        "CVE-2018-3139",
        "CVE-2018-3149",
        "CVE-2018-3150",
        "CVE-2018-3157",
        "CVE-2018-3169",
        "CVE-2018-3180",
        "CVE-2018-3183",
        "CVE-2018-3211",
        "CVE-2018-11212",
        "CVE-2018-13785",
        "CVE-2018-14048",
        "CVE-2019-2422",
        "CVE-2019-2426",
        "CVE-2019-2602",
        "CVE-2019-2684",
        "CVE-2019-2745",
        "CVE-2019-2762",
        "CVE-2019-2766",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2818",
        "CVE-2019-2821",
        "CVE-2019-2894",
        "CVE-2019-2933",
        "CVE-2019-2945",
        "CVE-2019-2949",
        "CVE-2019-2958",
        "CVE-2019-2962",
        "CVE-2019-2964",
        "CVE-2019-2973",
        "CVE-2019-2975",
        "CVE-2019-2977",
        "CVE-2019-2978",
        "CVE-2019-2981",
        "CVE-2019-2983",
        "CVE-2019-2987",
        "CVE-2019-2988",
        "CVE-2019-2989",
        "CVE-2019-2992",
        "CVE-2019-2999",
        "CVE-2020-2583",
        "CVE-2020-2590",
        "CVE-2020-2593",
        "CVE-2020-2601",
        "CVE-2020-2654",
        "CVE-2020-2655",
        "CVE-2020-2754",
        "CVE-2020-2755",
        "CVE-2020-2756",
        "CVE-2020-2757",
        "CVE-2020-2767",
        "CVE-2020-2773",
        "CVE-2020-2778",
        "CVE-2020-2781",
        "CVE-2020-2800",
        "CVE-2020-2803",
        "CVE-2020-2805",
        "CVE-2020-2816",
        "CVE-2020-2830"
      );
      script_bugtraq_id(
        105587,
        105591,
        105595,
        105597,
        105599,
        105601,
        105602,
        105608,
        105617,
        105622,
        106583,
        106590,
        106596,
        107918,
        107922,
        109184,
        109185,
        109186,
        109187,
        109188,
        109189,
        109201,
        109210
      );
    
      script_name(english:"Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openjdk11 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-290.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-debuginfo-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-doc-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-src-11.0.7-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk11");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3084-1.NASL
    descriptionThis update for java-1_7_0-openjdk fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2978: Improved handling of jar files CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131546
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131546
    titleSUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:3084-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3084-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131546);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-2894", "CVE-2019-2933", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2958", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:3084-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk fixes the following issues :
    
    Security issues fixed (October 2019 CPU bsc#1154212) :
    
    CVE-2019-2933: Windows file handling redux
    
    CVE-2019-2945: Better socket support
    
    CVE-2019-2949: Better Kerberos ccache handling
    
    CVE-2019-2958: Build Better Processes
    
    CVE-2019-2964: Better support for patterns
    
    CVE-2019-2962: Better Glyph Images
    
    CVE-2019-2973: Better pattern compilation
    
    CVE-2019-2978: Improved handling of jar files
    
    CVE-2019-2981: Better Path supports
    
    CVE-2019-2983: Better serial attributes
    
    CVE-2019-2987: Better rendering of native glyphs
    
    CVE-2019-2988: Better Graphics2D drawing
    
    CVE-2019-2989: Improve TLS connection support
    
    CVE-2019-2992: Enhance font glyph mapping
    
    CVE-2019-2999: Commentary on Javadoc comments
    
    CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2894/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2933/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2945/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2949/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2958/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2962/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2973/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2978/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2981/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2983/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2987/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2988/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2989/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2992/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2999/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193084-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41c1f0a0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-3084=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-3084=1
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-3084=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-3084=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-3084=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
    SUSE-SLE-SERVER-12-SP5-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-3084=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-3084=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-3084=1
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-3084=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2989");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4/5", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4548.NASL
    descriptionSeveral vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
    last seen2020-06-01
    modified2020-06-02
    plugin id130136
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130136
    titleDebian DSA-4548-1 : openjdk-8 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4548. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130136);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2019-2894", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2975", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999");
      script_xref(name:"DSA", value:"4548");
    
      script_name(english:"Debian DSA-4548-1 : openjdk-8 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the OpenJDK Java
    runtime, resulting in cross-site scripting, denial of service,
    information disclosure or Kerberos user impersonation."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/openjdk-8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/openjdk-8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4548"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the openjdk-8 packages.
    
    For the oldstable distribution (stretch), these problems have been
    fixed in version 8u232-b09-1~deb9u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2975");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openjdk-8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"openjdk-8-dbg", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-demo", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-doc", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-jdk", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-jdk-headless", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-jre", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-jre-headless", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-jre-zero", reference:"8u232-b09-1~deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"openjdk-8-source", reference:"8u232-b09-1~deb9u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_OCT_2019_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - Kerberos - Networking - JavaFX - Hotspot - Scripting - Javadoc - Deployment - Concurrency - JAXP - Serialization - Security Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id130010
    published2019-10-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130010
    titleOracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Unix)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1316.NASL
    descriptionVulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).(CVE-2019-2949) Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).(CVE-2019-2989) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2019-2958) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).(CVE-2019-2975) Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).(CVE-2019-2977) Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).(CVE-2019-2999) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2981) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2973) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2983) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2988) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2978) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2964) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2992) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2962) Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)(CVE-2019-2987) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).(CVE-2019-2945) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2019-2894)
    last seen2020-06-01
    modified2020-06-02
    plugin id130028
    published2019-10-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130028
    titleAmazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1316)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2557.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212):&#9; - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2977: Improve String index handling - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131282
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131282
    titleopenSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4546.NASL
    descriptionSeveral vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in cross-site scripting, denial of service, information disclosure or Kerberos user impersonation.
    last seen2020-06-01
    modified2020-06-02
    plugin id130134
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130134
    titleDebian DSA-4546-1 : openjdk-11 - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2687.NASL
    descriptionThis update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues : Security issues fixed (bsc#1154212) : - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes : - Fixed build failuers on ARM (bsc#1138529). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id132069
    published2019-12-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132069
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-2687)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0025-1.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : Update to version jdk8u232 (icedtea 3.14.0) (October 2019 CPU, bsc#1154212) Security issues fixed : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: Add patch to fix hotspot-aarch64 (bsc#1138529). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132705
    published2020-01-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132705
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:0025-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2998-1.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2977: Improve String index handling CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131160
    published2019-11-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131160
    titleSUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:2998-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3238-1.NASL
    descriptionThis update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues : Security issues fixed (bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: Fixed build failuers on ARM (bsc#1138529). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132004
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132004
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:3238-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3083-1.NASL
    descriptionThis update for java-11-openjdk fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2977: Improve String index handling CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131545
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131545
    titleSUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2019:3083-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-08
    modified2020-05-05
    plugin id136333
    published2020-05-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136333
    titlePhoton OS 2.0: Openjdk11 PHSA-2020-2.0-0235
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2019.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - Kerberos - Networking - JavaFX - Hotspot - Scripting - Javadoc - Deployment - Concurrency - JAXP - Serialization - Security Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id130011
    published2019-10-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130011
    titleOracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2565.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212):&#9; - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2977: Improve String index handling - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131301
    published2019-11-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131301
    titleopenSUSE Security Update : java-11-openjdk (openSUSE-2019-2565)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136100
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136100
    titlePhoton OS 3.0: Openjdk11 PHSA-2020-3.0-0084
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2023.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code. Updates for the amd64 architecture are already available, new packages for i386, armel and armhf will be available within the next 24 hours. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id131781
    published2019-12-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131781
    titleDebian DLA-2023-1 : openjdk-7 security update

References