CVE-2019-2958

CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Tags: network, high complexity, oracle, netapp, opensuse, debian, nessus

Summary

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1110.NASL
    description: According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

    The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix(es):

    - Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)

    - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2816)

    - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2786)

    - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2762)

    - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2769)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2962)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2988)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2992)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2019-2964)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2973)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2981)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2958)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2945)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2978)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2989)

    - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2983)

    Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2020-02-24
    plugin id: 133911
    published: 2020-02-24
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133911
    title: EulerOS 2.0 SP5 : java-1.7.0-openjdk (EulerOS-SA-2020-1110)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133911);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-2762",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2945",
        "CVE-2019-2958",
        "CVE-2019-2962",
        "CVE-2019-2964",
        "CVE-2019-2973",
        "CVE-2019-2978",
        "CVE-2019-2981",
        "CVE-2019-2983",
        "CVE-2019-2988",
        "CVE-2019-2989",
        "CVE-2019-2992",
        "CVE-2019-2999"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : java-1.7.0-openjdk (EulerOS-SA-2020-1110)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the java-1.7.0-openjdk packages
    installed, the EulerOS installation on the remote host is affected by
    the following vulnerabilities :
    
      - The java-1.7.0-openjdk packages provide the OpenJDK 7
        Java Runtime Environment and the OpenJDK 7 Java
        Software Development Kit.Security Fix(es):Vulnerability
        in the Java SE product of Oracle Java SE (component:
        Javadoc). Supported versions that are affected are Java
        SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit
        vulnerability allows unauthenticated attacker with
        network access via multiple protocols to compromise
        Java SE. Successful attacks require human interaction
        from a person other than the attacker and while the
        vulnerability is in Java SE, attacks may significantly
        impact additional products. Successful attacks of this
        vulnerability can result in unauthorized update, insert
        or delete access to some of Java SE accessible data as
        well as unauthorized read access to a subset of Java SE
        accessible data. Note: This vulnerability applies to
        Java deployments, typically in clients running
        sandboxed Java Web Start applications or sandboxed Java
        applets (in Java SE 8), that load and run untrusted
        code (e.g., code that comes from the internet) and rely
        on the Java sandbox for security. This vulnerability
        does not apply to Java deployments, typically in
        servers, that load and run only trusted code (e.g.,
        code installed by an
        administrator).(CVE-2019-2999)Vulnerability in the Java
        SE, Java SE Embedded component of Oracle Java SE
        (subcomponent: Networking). Supported versions that are
        affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1
        Java SE Embedded: 8u211. Difficult to exploit
        vulnerability allows unauthenticated attacker with
        network access via multiple protocols to compromise
        Java SE, Java SE Embedded. Successful attacks of this
        vulnerability can result in unauthorized update, insert
        or delete access to some of Java SE, Java SE Embedded
        accessible data as well as unauthorized read access to
        a subset of Java SE, Java SE Embedded accessible data.
        Note: This vulnerability applies to Java deployments,
        typically in clients running sandboxed Java Web Start
        applications or sandboxed Java applets (in Java SE 8),
        that load and run untrusted code (e.g., code that comes
        from the internet) and rely on the Java sandbox for
        security. This vulnerability can also be exploited by
        using APIs in the specified Component, e.g., through a
        web service which supplies data to the
        APIs.(CVE-2019-2816)Vulnerability in the Java SE, Java
        SE Embedded component of Oracle Java SE (subcomponent:
        Security). Supported versions that are affected are
        Java SE: 8u212, 11.0.3 and 12.0.1 Java SE Embedded:
        8u211. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks require human interaction
        from a person other than the attacker and while the
        vulnerability is in Java SE, Java SE Embedded, attacks
        may significantly impact additional products.
        Successful attacks of this vulnerability can result in
        unauthorized read access to a subset of Java SE, Java
        SE Embedded accessible data. Note: This vulnerability
        applies to Java deployments, typically in clients
        running sandboxed Java Web Start applications or
        sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2786)Vulnerability in the Java SE, Java
        SE Embedded component of Oracle Java SE (subcomponent:
        Utilities). Supported versions that are affected are
        Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE
        Embedded: 8u211. Easily exploitable vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2762)Vulnerability in the Java SE, Java
        SE Embedded component of Oracle Java SE (subcomponent:
        Utilities). Supported versions that are affected are
        Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE
        Embedded: 8u211. Easily exploitable vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2769)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component: 2D).
        Supported versions that are affected are Java SE:
        7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221.
        Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2962)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component: 2D).
        Supported versions that are affected are Java SE:
        7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221.
        Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability does not apply
        to Java deployments, typically in servers, that load
        and run only trusted code (e.g., code installed by an
        administrator).(CVE-2019-2988)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: 2D). Supported versions that are affected
        are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE
        Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability does not apply
        to Java deployments, typically in servers, that load
        and run only trusted code (e.g., code installed by an
        administrator).(CVE-2019-2992)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: Concurrency). Supported versions that are
        affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java
        SE Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability can only be
        exploited by supplying data to APIs in the specified
        Component without using Untrusted Java Web Start
        applications or Untrusted Java applets, such as through
        a web service.(CVE-2019-2964)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: JAXP). Supported versions that are affected
        are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE
        Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2973)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        JAXP). Supported versions that are affected are Java
        SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2981)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Libraries). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized creation, deletion or
        modification access to critical data or all Java SE,
        Java SE Embedded accessible data. Note: This
        vulnerability applies to Java deployments, typically in
        clients running sandboxed Java Web Start applications
        or sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2958)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Networking). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks require human interaction
        from a person other than the attacker. Successful
        attacks of this vulnerability can result in
        unauthorized ability to cause a partial denial of
        service (partial DOS) of Java SE, Java SE Embedded.
        Note: This vulnerability applies to Java deployments,
        typically in clients running sandboxed Java Web Start
        applications or sandboxed Java applets (in Java SE 8),
        that load and run untrusted code (e.g., code that comes
        from the internet) and rely on the Java sandbox for
        security. This vulnerability does not apply to Java
        deployments, typically in servers, that load and run
        only trusted code (e.g., code installed by an
        administrator).(CVE-2019-2945)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: Networking). Supported versions that are
        affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java
        SE Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2978)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Networking). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. While the vulnerability is in Java SE, Java
        SE Embedded, attacks may significantly impact
        additional products. Successful attacks of this
        vulnerability can result in unauthorized creation,
        deletion or modification access to critical data or all
        Java SE, Java SE Embedded accessible data. Note: This
        vulnerability applies to Java deployments, typically in
        clients running sandboxed Java Web Start applications
        or sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2989)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Serialization). Supported versions that are affected
        are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE
        Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2983)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1110
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a938e66d");
      script_set_attribute(attribute:"solution", value:
    "Update the affected java-1.7.0-openjdk packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.7.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["java-1.7.0-openjdk-1.7.0.191-2.6.15.4.h11.eulerosv2r7",
            "java-1.7.0-openjdk-devel-1.7.0.191-2.6.15.4.h11.eulerosv2r7",
            "java-1.7.0-openjdk-headless-1.7.0.191-2.6.15.4.h11.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-openjdk");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0001-1.NASL
    description: This update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] - Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132670
    published: 2020-01-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132670
    title: SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:0001-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0001-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132670);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2019-17631", "CVE-2019-2933", "CVE-2019-2945", "CVE-2019-2958", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2975", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2996", "CVE-2019-2999");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2020:0001-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_8_0-ibm fixes the following issues :
    
    Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212]
    
      - Security fixes: CVE-2019-2933 CVE-2019-2945
        CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975
        CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989
        CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973
        CVE-2019-2981 CVE-2019-17631
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17631/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2933/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2945/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2958/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2962/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2973/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2975/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2978/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2981/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2983/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2988/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2989/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2992/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2996/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2999/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200001-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6797c026"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1=1
    
    SUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t
    patch SUSE-SLE-Module-Legacy-15-SP1-2020-1=1
    
    SUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch
    SUSE-SLE-Module-Legacy-15-2020-1=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-alsa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_8_0-ibm-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-32bit-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-devel-32bit-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"java-1_8_0-ibm-demo-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"java-1_8_0-ibm-src-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"java-1_8_0-ibm-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"java-1_8_0-ibm-devel-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-ibm-alsa-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"java-1_8_0-ibm-plugin-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-1_8_0-ibm-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"java-1_8_0-ibm-devel-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-32bit-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"java-1_8_0-ibm-devel-32bit-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"java-1_8_0-ibm-demo-1.8.0_sr6.0-3.30.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"java-1_8_0-ibm-src-1.8.0_sr6.0-3.30.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_8_0-ibm");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
    description: An update of the openjdk11 package has been released.
    last seen: 2020-05-03
    modified: 2020-04-29
    plugin id: 136109
    published: 2020-04-29
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136109
    title: Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0290. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136109);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2018-3136",
        "CVE-2018-3139",
        "CVE-2018-3149",
        "CVE-2018-3150",
        "CVE-2018-3157",
        "CVE-2018-3169",
        "CVE-2018-3180",
        "CVE-2018-3183",
        "CVE-2018-3211",
        "CVE-2018-11212",
        "CVE-2018-13785",
        "CVE-2018-14048",
        "CVE-2019-2422",
        "CVE-2019-2426",
        "CVE-2019-2602",
        "CVE-2019-2684",
        "CVE-2019-2745",
        "CVE-2019-2762",
        "CVE-2019-2766",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2818",
        "CVE-2019-2821",
        "CVE-2019-2894",
        "CVE-2019-2933",
        "CVE-2019-2945",
        "CVE-2019-2949",
        "CVE-2019-2958",
        "CVE-2019-2962",
        "CVE-2019-2964",
        "CVE-2019-2973",
        "CVE-2019-2975",
        "CVE-2019-2977",
        "CVE-2019-2978",
        "CVE-2019-2981",
        "CVE-2019-2983",
        "CVE-2019-2987",
        "CVE-2019-2988",
        "CVE-2019-2989",
        "CVE-2019-2992",
        "CVE-2019-2999",
        "CVE-2020-2583",
        "CVE-2020-2590",
        "CVE-2020-2593",
        "CVE-2020-2601",
        "CVE-2020-2654",
        "CVE-2020-2655",
        "CVE-2020-2754",
        "CVE-2020-2755",
        "CVE-2020-2756",
        "CVE-2020-2757",
        "CVE-2020-2767",
        "CVE-2020-2773",
        "CVE-2020-2778",
        "CVE-2020-2781",
        "CVE-2020-2800",
        "CVE-2020-2803",
        "CVE-2020-2805",
        "CVE-2020-2816",
        "CVE-2020-2830"
      );
      script_bugtraq_id(
        105587,
        105591,
        105595,
        105597,
        105599,
        105601,
        105602,
        105608,
        105617,
        105622,
        106583,
        106590,
        106596,
        107918,
        107922,
        109184,
        109185,
        109186,
        109187,
        109188,
        109189,
        109201,
        109210
      );
    
      script_name(english:"Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openjdk11 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-290.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3183");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-debuginfo-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-doc-11.0.7-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"openjdk11-src-11.0.7-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk11");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1111.NASL
    description: According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es):
    Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2987)
    Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2999)
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2816)
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2786)
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2762)
    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2769)
    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2962)
    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2988)
    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2019-2992)
    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221.
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.(CVE-2019-2964)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2973)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2981)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2933)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2958)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).(CVE-2019-2945)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2978)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2989)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2975)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2019-2983)Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.(CVE-2020-2604) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2020-02-24
    plugin id: 133912
    published: 2020-02-24
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133912
    title: EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2020-1111)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133912);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-2762",
        "CVE-2019-2769",
        "CVE-2019-2786",
        "CVE-2019-2816",
        "CVE-2019-2933",
        "CVE-2019-2945",
        "CVE-2019-2958",
        "CVE-2019-2962",
        "CVE-2019-2964",
        "CVE-2019-2973",
        "CVE-2019-2975",
        "CVE-2019-2978",
        "CVE-2019-2981",
        "CVE-2019-2983",
        "CVE-2019-2987",
        "CVE-2019-2988",
        "CVE-2019-2989",
        "CVE-2019-2992",
        "CVE-2019-2999",
        "CVE-2020-2604"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2020-1111)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the java-1.8.0-openjdk packages
    installed, the EulerOS installation on the remote host is affected by
    the following vulnerabilities :
    
      - The java-1.8.0-openjdk packages provide the OpenJDK 8
        Java Runtime Environment and the OpenJDK 8 Java
        Software Development Kit.Security Fix(es):Vulnerability
        in the Java SE product of Oracle Java SE (component:
        2D). Supported versions that are affected are Java SE:
        11.0.4 and 13. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE. Successful
        attacks of this vulnerability can result in
        unauthorized ability to cause a partial denial of
        service (partial DOS) of Java SE. Note: This
        vulnerability applies to Java deployments, typically in
        clients running sandboxed Java Web Start applications
        or sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2987)Vulnerability in the Java SE
        product of Oracle Java SE (component: Javadoc).
        Supported versions that are affected are Java SE:
        7u231, 8u221, 11.0.4 and 13. Difficult to exploit
        vulnerability allows unauthenticated attacker with
        network access via multiple protocols to compromise
        Java SE. Successful attacks require human interaction
        from a person other than the attacker and while the
        vulnerability is in Java SE, attacks may significantly
        impact additional products. Successful attacks of this
        vulnerability can result in unauthorized update, insert
        or delete access to some of Java SE accessible data as
        well as unauthorized read access to a subset of Java SE
        accessible data. Note: This vulnerability applies to
        Java deployments, typically in clients running
        sandboxed Java Web Start applications or sandboxed Java
        applets (in Java SE 8), that load and run untrusted
        code (e.g., code that comes from the internet) and rely
        on the Java sandbox for security. This vulnerability
        does not apply to Java deployments, typically in
        servers, that load and run only trusted code (e.g.,
        code installed by an
        administrator).(CVE-2019-2999)Vulnerability in the Java
        SE, Java SE Embedded component of Oracle Java SE
        (subcomponent: Networking). Supported versions that are
        affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1
        Java SE Embedded: 8u211. Difficult to exploit
        vulnerability allows unauthenticated attacker with
        network access via multiple protocols to compromise
        Java SE, Java SE Embedded. Successful attacks of this
        vulnerability can result in unauthorized update, insert
        or delete access to some of Java SE, Java SE Embedded
        accessible data as well as unauthorized read access to
        a subset of Java SE, Java SE Embedded accessible data.
        Note: This vulnerability applies to Java deployments,
        typically in clients running sandboxed Java Web Start
        applications or sandboxed Java applets (in Java SE 8),
        that load and run untrusted code (e.g., code that comes
        from the internet) and rely on the Java sandbox for
        security. This vulnerability can also be exploited by
        using APIs in the specified Component, e.g., through a
        web service which supplies data to the
        APIs.(CVE-2019-2816)Vulnerability in the Java SE, Java
        SE Embedded component of Oracle Java SE (subcomponent:
        Security). Supported versions that are affected are
        Java SE: 8u212, 11.0.3 and 12.0.1 Java SE Embedded:
        8u211. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks require human interaction
        from a person other than the attacker and while the
        vulnerability is in Java SE, Java SE Embedded, attacks
        may significantly impact additional products.
        Successful attacks of this vulnerability can result in
        unauthorized read access to a subset of Java SE, Java
        SE Embedded accessible data. Note: This vulnerability
        applies to Java deployments, typically in clients
        running sandboxed Java Web Start applications or
        sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2786)Vulnerability in the Java SE, Java
        SE Embedded component of Oracle Java SE (subcomponent:
        Utilities). Supported versions that are affected are
        Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE
        Embedded: 8u211. Easily exploitable vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2762)Vulnerability in the Java SE, Java
        SE Embedded component of Oracle Java SE (subcomponent:
        Utilities). Supported versions that are affected are
        Java SE: 7u221, 8u212, 11.0.3 and 12.0.1 Java SE
        Embedded: 8u211. Easily exploitable vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2769)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component: 2D).
        Supported versions that are affected are Java SE:
        7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221.
        Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2962)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component: 2D).
        Supported versions that are affected are Java SE:
        7u231, 8u221, 11.0.4 and 13 Java SE Embedded: 8u221.
        Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability does not apply
        to Java deployments, typically in servers, that load
        and run only trusted code (e.g., code installed by an
        administrator).(CVE-2019-2988)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: 2D). Supported versions that are affected
        are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE
        Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability does not apply
        to Java deployments, typically in servers, that load
        and run only trusted code (e.g., code installed by an
        administrator).(CVE-2019-2992)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: Concurrency). Supported versions that are
        affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java
        SE Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability can only be
        exploited by supplying data to APIs in the specified
        Component without using Untrusted Java Web Start
        applications or Untrusted Java applets, such as through
        a web service.(CVE-2019-2964)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: JAXP). Supported versions that are affected
        are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE
        Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2973)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        JAXP). Supported versions that are affected are Java
        SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2981)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Libraries). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks require human interaction
        from a person other than the attacker. Successful
        attacks of this vulnerability can result in
        unauthorized read access to a subset of Java SE, Java
        SE Embedded accessible data. Note: This vulnerability
        applies to Java deployments, typically in clients
        running sandboxed Java Web Start applications or
        sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2933)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Libraries). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized creation, deletion or
        modification access to critical data or all Java SE,
        Java SE Embedded accessible data. Note: This
        vulnerability applies to Java deployments, typically in
        clients running sandboxed Java Web Start applications
        or sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2958)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Networking). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks require human interaction
        from a person other than the attacker. Successful
        attacks of this vulnerability can result in
        unauthorized ability to cause a partial denial of
        service (partial DOS) of Java SE, Java SE Embedded.
        Note: This vulnerability applies to Java deployments,
        typically in clients running sandboxed Java Web Start
        applications or sandboxed Java applets (in Java SE 8),
        that load and run untrusted code (e.g., code that comes
        from the internet) and rely on the Java sandbox for
        security. This vulnerability does not apply to Java
        deployments, typically in servers, that load and run
        only trusted code (e.g., code installed by an
        administrator).(CVE-2019-2945)Vulnerability in the Java
        SE, Java SE Embedded product of Oracle Java SE
        (component: Networking). Supported versions that are
        affected are Java SE: 7u231, 8u221, 11.0.4 and 13 Java
        SE Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2978)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Networking). Supported versions that are affected are
        Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE Embedded:
        8u221. Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. While the vulnerability is in Java SE, Java
        SE Embedded, attacks may significantly impact
        additional products. Successful attacks of this
        vulnerability can result in unauthorized creation,
        deletion or modification access to critical data or all
        Java SE, Java SE Embedded accessible data. Note: This
        vulnerability applies to Java deployments, typically in
        clients running sandboxed Java Web Start applications
        or sandboxed Java applets (in Java SE 8), that load and
        run untrusted code (e.g., code that comes from the
        internet) and rely on the Java sandbox for security.
        This vulnerability can also be exploited by using APIs
        in the specified Component, e.g., through a web service
        which supplies data to the
        APIs.(CVE-2019-2989)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Scripting). Supported versions that are affected are
        Java SE: 8u221, 11.0.4 and 13 Java SE Embedded: 8u221.
        Difficult to exploit vulnerability allows
        unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized update, insert or delete access
        to some of Java SE, Java SE Embedded accessible data
        and unauthorized ability to cause a partial denial of
        service (partial DOS) of Java SE, Java SE Embedded.
        Note: This vulnerability applies to Java deployments,
        typically in clients running sandboxed Java Web Start
        applications or sandboxed Java applets (in Java SE 8),
        that load and run untrusted code (e.g., code that comes
        from the internet) and rely on the Java sandbox for
        security. This vulnerability can also be exploited by
        using APIs in the specified Component, e.g., through a
        web service which supplies data to the
        APIs.(CVE-2019-2975)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Serialization). Supported versions that are affected
        are Java SE: 7u231, 8u221, 11.0.4 and 13 Java SE
        Embedded: 8u221. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in unauthorized ability to cause a partial
        denial of service (partial DOS) of Java SE, Java SE
        Embedded. Note: This vulnerability applies to Java
        deployments, typically in clients running sandboxed
        Java Web Start applications or sandboxed Java applets
        (in Java SE 8), that load and run untrusted code (e.g.,
        code that comes from the internet) and rely on the Java
        sandbox for security. This vulnerability can also be
        exploited by using APIs in the specified Component,
        e.g., through a web service which supplies data to the
        APIs.(CVE-2019-2983)Vulnerability in the Java SE, Java
        SE Embedded product of Oracle Java SE (component:
        Serialization). Supported versions that are affected
        are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE
        Embedded: 8u231. Difficult to exploit vulnerability
        allows unauthenticated attacker with network access via
        multiple protocols to compromise Java SE, Java SE
        Embedded. Successful attacks of this vulnerability can
        result in takeover of Java SE, Java SE Embedded. Note:
        This vulnerability applies to Java deployments,
        typically in clients running sandboxed Java Web Start
        applications or sandboxed Java applets (in Java SE 8),
        that load and run untrusted code (e.g., code that comes
        from the internet) and rely on the Java sandbox for
        security. This vulnerability can also be exploited by
        using APIs in the specified Component, e.g., through a
        web service which supplies data to the
        APIs.(CVE-2020-2604)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1111
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5060c3b0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected java-1.8.0-openjdk packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["java-1.8.0-openjdk-1.8.0.191.b12-0.h6.eulerosv2r7",
            "java-1.8.0-openjdk-devel-1.8.0.191.b12-0.h6.eulerosv2r7",
            "java-1.8.0-openjdk-headless-1.8.0.191.b12-0.h6.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3084-1.NASL
    description: This update for java-1_7_0-openjdk fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2978: Improved handling of jar files CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131546
    published: 2019-12-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131546
    title: SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:3084-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3084-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131546);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-2894", "CVE-2019-2933", "CVE-2019-2945", "CVE-2019-2949", "CVE-2019-2958", "CVE-2019-2962", "CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2987", "CVE-2019-2988", "CVE-2019-2989", "CVE-2019-2992", "CVE-2019-2999");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2019:3084-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for java-1_7_0-openjdk fixes the following issues :
    
    Security issues fixed (October 2019 CPU bsc#1154212) :
    
    CVE-2019-2933: Windows file handling redux
    
    CVE-2019-2945: Better socket support
    
    CVE-2019-2949: Better Kerberos ccache handling
    
    CVE-2019-2958: Build Better Processes
    
    CVE-2019-2964: Better support for patterns
    
    CVE-2019-2962: Better Glyph Images
    
    CVE-2019-2973: Better pattern compilation
    
    CVE-2019-2978: Improved handling of jar files
    
    CVE-2019-2981: Better Path supports
    
    CVE-2019-2983: Better serial attributes
    
    CVE-2019-2987: Better rendering of native glyphs
    
    CVE-2019-2988: Better Graphics2D drawing
    
    CVE-2019-2989: Improve TLS connection support
    
    CVE-2019-2992: Enhance font glyph mapping
    
    CVE-2019-2999: Commentary on Javadoc comments
    
    CVE-2019-2894: Enhance ECDSA operations (bsc#1152856).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1154212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2894/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2933/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2945/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2949/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2958/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2962/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2973/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2978/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2981/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2983/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2987/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2988/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2989/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2992/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-2999/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193084-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41c1f0a0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-3084=1
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-3084=1
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-3084=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-3084=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-3084=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
    SUSE-SLE-SERVER-12-SP5-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-3084=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-3084=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-3084=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-3084=1
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-3084=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2989");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-demo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-openjdk-headless-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4/5", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-demo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-demo-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-devel-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-devel-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debuginfo-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-debugsource-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-1.7.0.241-43.30.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"java-1_7_0-openjdk-headless-debuginfo-1.7.0.241-43.30.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-openjdk");
    }
    
  • NASL family: Misc.
    NASL id: ORACLE_JAVA_CPU_OCT_2019_UNIX.NASL
    description: The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - Kerberos - Networking - JavaFX - Hotspot - Scripting - Javadoc - Deployment - Concurrency - JAXP - Serialization - Security Nessus has not tested for these issues but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130010
    published: 2019-10-17
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130010
    title: Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Unix)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1316.NASL
    description: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).(CVE-2019-2949) Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).(CVE-2019-2989) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).(CVE-2019-2958) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).(CVE-2019-2975) Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).(CVE-2019-2977) Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).(CVE-2019-2999) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2981) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2973) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2983) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2988) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2978) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2964) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2992) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).(CVE-2019-2962) Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)(CVE-2019-2987) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).(CVE-2019-2945) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). 
Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).(CVE-2019-2894)
    last seen2020-06-01
    modified2020-06-02
    plugin id130028
    published2019-10-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130028
    titleAmazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1316)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2557.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2977: Improve String index handling - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131282
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131282
    titleopenSUSE Security Update : java-11-openjdk (openSUSE-2019-2557)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2687.NASL
    descriptionThis update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues : Security issues fixed (bsc#1154212) : - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes : - Fixed build failures on ARM (bsc#1138529). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id132069
    published2019-12-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132069
    titleopenSUSE Security Update : java-1_8_0-openjdk (openSUSE-2019-2687)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0025-1.NASL
    descriptionThis update for java-1_8_0-openjdk fixes the following issues : Update to version jdk8u232 (icedtea 3.14.0) (October 2019 CPU, bsc#1154212) Security issues fixed : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: Add patch to fix hotspot-aarch64 (bsc#1138529). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132705
    published2020-01-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132705
    titleSUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:0025-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2998-1.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2977: Improve String index handling CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131160
    published2019-11-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131160
    titleSUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:2998-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3238-1.NASL
    descriptionThis update for java-1_8_0-openjdk (jdk8u232/icedtea 3.14.0) fixes the following issues : Security issues fixed (bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856) Bug fixes: Fixed build failures on ARM (bsc#1138529). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132004
    published2019-12-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132004
    titleSUSE SLED15 / SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2019:3238-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3083-1.NASL
    descriptionThis update for java-11-openjdk fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212) : CVE-2019-2933: Windows file handling redux CVE-2019-2945: Better socket support CVE-2019-2949: Better Kerberos ccache handling CVE-2019-2958: Build Better Processes CVE-2019-2964: Better support for patterns CVE-2019-2962: Better Glyph Images CVE-2019-2973: Better pattern compilation CVE-2019-2975: Unexpected exception in jjs CVE-2019-2978: Improved handling of jar files CVE-2019-2977: Improve String index handling CVE-2019-2981: Better Path supports CVE-2019-2983: Better serial attributes CVE-2019-2987: Better rendering of native glyphs CVE-2019-2988: Better Graphics2D drawing CVE-2019-2989: Improve TLS connection support CVE-2019-2992: Enhance font glyph mapping CVE-2019-2999: Commentary on Javadoc comments CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131545
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131545
    titleSUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2019:3083-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0024-1.NASL
    descriptionThis update for java-1_8_0-ibm fixes the following issues : Update to Java 8.0 Service Refresh 6 [bsc#1158442, bsc#1154212] - Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981 CVE-2019-17631 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132704
    published2020-01-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132704
    titleSUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2020:0024-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-08
    modified2020-05-05
    plugin id136333
    published2020-05-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136333
    titlePhoton OS 2.0: Openjdk11 PHSA-2020-2.0-0235
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_OCT_2019.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 241, 8 Update 231, 11 Update 5, or 13 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D - Libraries - Kerberos - Networking - JavaFX - Hotspot - Scripting - Javadoc - Deployment - Concurrency - JAXP - Serialization - Security Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id130011
    published2019-10-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130011
    titleOracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2565.NASL
    descriptionThis update for java-11-openjdk to version jdk-11.0.5-10 fixes the following issues : Security issues fixed (October 2019 CPU bsc#1154212): - CVE-2019-2933: Windows file handling redux - CVE-2019-2945: Better socket support - CVE-2019-2949: Better Kerberos ccache handling - CVE-2019-2958: Build Better Processes - CVE-2019-2964: Better support for patterns - CVE-2019-2962: Better Glyph Images - CVE-2019-2973: Better pattern compilation - CVE-2019-2975: Unexpected exception in jjs - CVE-2019-2978: Improved handling of jar files - CVE-2019-2977: Improve String index handling - CVE-2019-2981: Better Path supports - CVE-2019-2983: Better serial attributes - CVE-2019-2987: Better rendering of native glyphs - CVE-2019-2988: Better Graphics2D drawing - CVE-2019-2989: Improve TLS connection support - CVE-2019-2992: Enhance font glyph mapping - CVE-2019-2999: Commentary on Javadoc comments - CVE-2019-2894: Enhance ECDSA operations (bsc#1152856). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131301
    published2019-11-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131301
    titleopenSUSE Security Update : java-11-openjdk (openSUSE-2019-2565)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
    descriptionAn update of the openjdk11 package has been released.
    last seen2020-05-03
    modified2020-04-29
    plugin id136100
    published2020-04-29
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136100
    titlePhoton OS 3.0: Openjdk11 PHSA-2020-3.0-0084
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2023.NASL
    descriptionSeveral vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code. Updates for the amd64 architecture are already available, new packages for i386, armel and armhf will be available within the next 24 hours. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id131781
    published2019-12-09
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131781
    titleDebian DLA-2023-1 : openjdk-7 security update