Vulnerabilities > CVE-2020-2756 - Improper Handling of Exceptional Conditions vulnerability in multiple products
Summary
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id ORACLE_JAVA_CPU_APR_2020.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over last seen 2020-04-23 modified 2020-04-16 plugin id 135592 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135592 title Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(135592); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17"); script_cve_id( "CVE-2019-18197", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2764", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"IAVA", value:"2020-A-0134-S"); script_name(english:"Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU)"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol. This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow unauthenticated attacker with network access to takeover of Java SE. (CVE-2019-18197) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757) - Oracle Java SE prone to unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764) - Oracle Java SE and Java SE Embedded are prone to unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773) It is also affected by other vulnerabilities; please see vendor advisories for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuapr2020cvrf.xml"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle JDK / JRE 14 Update 1 , 11 Update 7, 8 Update 251 , 7 Update 261 or later. If necessary, remove any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; # Fixes : (JDK|JRE) 13 Update 2 / 11 Update 6 / 8 Update 214 / 7 Update 251 if ( ver_compare(minver:"1.7.0", ver:ver, fix:"1.7.0_261", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:"1.8.0", ver:ver, fix:"1.8.0_251", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:"1.11.0", ver:ver, fix:"1.11.0_7", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 || ver_compare(minver:"1.13.0", ver:ver, fix:"1.14.0_1", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_report_v4(severity:SECURITY_WARNING, port:port, extra:report); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installations on the remote host are not affected."); else audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1516.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1516 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-22 plugin id 135909 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135909 title RHEL 8 : java-1.8.0-openjdk (RHSA-2020:1516) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1516. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135909); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/23"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830" ); script_xref(name:"RHSA", value:"2020:1516"); script_name(english:"RHEL 8 : java-1.8.0-openjdk (RHSA-2020:1516)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1516 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/185.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1516"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2754"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2755"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2756"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2757"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2773"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2781"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2800"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2803"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2805"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2830"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823199"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823200"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823215"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823216"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823224"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823542"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823694"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823844"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823960"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 113, 119, 185, 248, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'java-1.8.0-openjdk-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-debugsource-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-debugsource-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-debugsource-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-src-1.8.0.252.b09-2.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-src-1.8.0.252.b09-2.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-src-1.8.0.252.b09-2.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / java-1.8.0-openjdk-debugsource / etc'); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1514.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1514 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-21 plugin id 135861 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135861 title RHEL 8 : java-11-openjdk (RHSA-2020:1514) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1514. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135861); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/23"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"RHSA", value:"2020:1514"); script_name(english:"RHEL 8 : java-11-openjdk (RHSA-2020:1514)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1514 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/327.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/185.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1514"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2754"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2755"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2756"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2757"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2767"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2773"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2778"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2781"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2800"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2803"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2805"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2816"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2830"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823199"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823200"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823215"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823216"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823224"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823542"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823694"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823844"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823853"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823879"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823947"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823960"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 113, 119, 185, 248, 327, 358, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'java-11-openjdk-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-debugsource / java-11-openjdk-demo / etc'); }
NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1421.NASL description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2756) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2755) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2830) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2020-2803) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2754) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2781) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2757) A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2020-2805) last seen 2020-05-12 modified 2020-05-07 plugin id 136364 published 2020-05-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136364 title Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2020-1421. # include("compat.inc"); if (description) { script_id(136364); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/11"); script_cve_id("CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"); script_xref(name:"ALAS", value:"2020-1421"); script_name(english:"Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2020-1421)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2756) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2755) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2830) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). (CVE-2020-2803) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2754) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2781) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2757) A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2020-2805)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1421.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update java-1.8.0-openjdk' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-accessibility-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-demo-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-devel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-headless-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-javadoc-zip-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:java-1.8.0-openjdk-src-debug"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-accessibility-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-debuginfo-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-demo-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-devel-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-headless-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-src-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (rpm_check(release:"AL2", reference:"java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.amzn2.0.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1581.NASL description According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.(CVE-2020-2601) - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.(CVE-2020-2654) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2659) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-2593) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-2590) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. (CVE-2020-2583) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2781) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-2800) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2830) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2754) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2755) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. (CVE-2020-2756) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. .(CVE-2020-2757) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2773) - A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions.(CVE-2020-2803) - A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions.(CVE-2020-2805) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.(CVE-2020-2604) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-05-26 plugin id 136859 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136859 title EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2020-1581) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(136859); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/28"); script_cve_id( "CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2601", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830" ); script_name(english:"EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2020-1581)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data.(CVE-2020-2601) - Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE.(CVE-2020-2654) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2659) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-2593) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data.(CVE-2020-2590) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. (CVE-2020-2583) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2781) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.(CVE-2020-2800) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2830) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2754) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2755) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. (CVE-2020-2756) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. .(CVE-2020-2757) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14 Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.(CVE-2020-2773) - A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions.(CVE-2020-2803) - A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions.(CVE-2020-2805) - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1 Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded.(CVE-2020-2604) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1581 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?711cf805"); script_set_attribute(attribute:"solution", value: "Update the affected java-1.8.0-openjdk packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:java-1.8.0-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["java-1.8.0-openjdk-1.8.0.181.b15-5.h12.eulerosv2r8", "java-1.8.0-openjdk-devel-1.8.0.181.b15-5.h12.eulerosv2r8", "java-1.8.0-openjdk-headless-1.8.0.181.b15-5.h12.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1512.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1512 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-21 plugin id 135775 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135775 title RHEL 7 : java-1.8.0-openjdk (RHSA-2020:1512) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1512. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135775); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/23"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830" ); script_xref(name:"RHSA", value:"2020:1512"); script_name(english:"RHEL 7 : java-1.8.0-openjdk (RHSA-2020:1512)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1512 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/185.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1512"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2754"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2755"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2756"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2757"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2773"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2781"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2800"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2803"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2805"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2830"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 113, 119, 185, 248, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::client"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::computenode"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7::workstation"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-openjdk-src"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8', 'cpu':'i686', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8', 'cpu':'i686', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8', 'cpu':'i686', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8', 'cpu':'i686', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8', 'cpu':'i686', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8', 'cpu':'i686', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'1'}, {'reference':'java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'1'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / java-1.8.0-openjdk-demo / etc'); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0083_OPENJDK8.NASL description An update of the openjdk8 package has been released. last seen 2020-05-03 modified 2020-04-29 plugin id 136095 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136095 title Photon OS 3.0: Openjdk8 PHSA-2020-3.0-0083 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-3.0-0083. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(136095); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_name(english:"Photon OS 3.0: Openjdk8 PHSA-2020-3.0-0083"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the openjdk8 package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-83.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-debuginfo-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-doc-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-sample-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-src-1.8.0.252-1.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk8"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1517.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1517 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-22 plugin id 135908 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135908 title RHEL 8 : java-11-openjdk (RHSA-2020:1517) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1517. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135908); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/23"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"RHSA", value:"2020:1517"); script_name(english:"RHEL 8 : java-11-openjdk (RHSA-2020:1517)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1517 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/327.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/185.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1517"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2754"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2755"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2756"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2757"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2767"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2773"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2778"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2781"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2800"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2803"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2805"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2816"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2830"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823199"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823200"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823215"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823216"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823224"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823542"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823694"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823844"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823853"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823879"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823947"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823960"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 113, 119, 185, 248, 327, 358, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'java-11-openjdk-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-debugsource / java-11-openjdk-demo / etc'); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-757.NASL description This update for java-11-openjdk fixes the following issues : Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed : - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-10 modified 2020-06-04 plugin id 137132 published 2020-06-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137132 title openSUSE Security Update : java-11-openjdk (openSUSE-2020-757) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-757. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(137132); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830"); script_name(english:"openSUSE Security Update : java-11-openjdk (openSUSE-2020-757)"); script_summary(english:"Check for the openSUSE-2020-757 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for java-11-openjdk fixes the following issues : Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed : - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1167462" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169511" ); script_set_attribute( attribute:"solution", value:"Update the affected java-11-openjdk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-jmods"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-accessibility-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-accessibility-debuginfo-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-debuginfo-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-debugsource-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-demo-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-devel-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-headless-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-javadoc-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-jmods-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-src-11.0.7.0-lp151.3.16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk / java-11-openjdk-accessibility / etc"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-1512.NASL description From Red Hat Security Advisory 2020:1512 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1512 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-24 plugin id 135953 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135953 title Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-1512) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1512 and # Oracle Linux Security Advisory ELSA-2020-1512 respectively. # include("compat.inc"); if (description) { script_id(135953); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17"); script_cve_id("CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"); script_xref(name:"RHSA", value:"2020:1512"); script_xref(name:"IAVA", value:"2020-A-0134-S"); script_name(english:"Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2020-1512)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2020:1512 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1512 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-April/009854.html" ); script_set_attribute( attribute:"solution", value:"Update the affected java-1.8.0-openjdk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-accessibility-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-demo-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-devel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-headless-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-javadoc-zip-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:java-1.8.0-openjdk-src-debug"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-accessibility-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-accessibility-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-demo-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-demo-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-devel-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-devel-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-headless-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-javadoc-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-javadoc-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-javadoc-zip-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-src-1.8.0.252.b09-2.el7_8")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"java-1.8.0-openjdk-src-debug-1.8.0.252.b09-2.el7_8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.8.0-openjdk / java-1.8.0-openjdk-accessibility / etc"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1509.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1509 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-05-01 plugin id 136196 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136196 title CentOS 7 : java-11-openjdk (CESA-2020:1509) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL description An update of the openjdk11 package has been released. last seen 2020-05-03 modified 2020-04-29 plugin id 136109 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136109 title Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1506.NASL description The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-21 plugin id 135776 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135776 title RHEL 6 : java-1.8.0-openjdk (RHSA-2020:1506) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-1514.NASL description From Red Hat Security Advisory 2020:1514 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1514 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-24 plugin id 135955 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135955 title Oracle Linux 8 : java-11-openjdk (ELSA-2020-1514) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1424.NASL description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2756) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2757) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2781) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2020-2800) A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions. (CVE-2020-2803) A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2020-2805) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2830) last seen 2020-05-16 modified 2020-05-13 plugin id 136529 published 2020-05-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136529 title Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2020-1424) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-1509.NASL description From Red Hat Security Advisory 2020:1509 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1509 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-24 plugin id 135951 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135951 title Oracle Linux 7 : java-11-openjdk (ELSA-2020-1509) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0235_OPENJDK8.NASL description An update of the openjdk8 package has been released. last seen 2020-05-08 modified 2020-05-05 plugin id 136334 published 2020-05-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136334 title Photon OS 2.0: Openjdk8 PHSA-2020-2.0-0235 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4668.NASL description Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. last seen 2020-05-06 modified 2020-04-30 plugin id 136125 published 2020-04-30 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136125 title Debian DSA-4668-1 : openjdk-8 - security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1512.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1512 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-05-01 plugin id 136198 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136198 title CentOS 7 : java-1.8.0-openjdk (CESA-2020:1512) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2193.NASL description Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. For Debian 8 last seen 2020-05-06 modified 2020-04-29 plugin id 136068 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136068 title Debian DLA-2193-1 : openjdk-7 security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-1508.NASL description From Red Hat Security Advisory 2020:1508 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-08 modified 2020-04-22 plugin id 135885 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135885 title Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2020-1508) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2239.NASL description The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2239 advisory. - OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-31 modified 2020-05-20 plugin id 136740 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136740 title RHEL 6 : java-1.8.0-ibm (RHSA-2020:2239) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1365.NASL description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2756) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2757) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2773) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2781) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). (CVE-2020-2800) A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions. (CVE-2020-2803) A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions. (CVE-2020-2805) Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). (CVE-2020-2830) last seen 2020-05-21 modified 2020-05-15 plugin id 136626 published 2020-05-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136626 title Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2020-1365) NASL family Scientific Linux Local Security Checks NASL id SL_20200421_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL description Security Fix(es) : - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) last seen 2020-04-30 modified 2020-04-22 plugin id 135889 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135889 title Scientific Linux Security Update : java-1.7.0-openjdk on SL7.x x86_64 (20200421) NASL family Scientific Linux Local Security Checks NASL id SL_20200421_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL description Security Fix(es) : - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) last seen 2020-04-30 modified 2020-04-22 plugin id 135888 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135888 title Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20200421) NASL family Fedora Local Security Checks NASL id FEDORA_2020-21CA991B3B.NASL description Update to OpenJDK 8u252 (April Critical Patch Update) - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8227542: Manifest improved jar headers - JDK-8231415, CVE-2020-2773: Better signatures in XML - JDK-8233250: Better X11 rendering - JDK-8233410: Better Build Scripting - JDK-8234027: Better JCEKS key support - JDK-8234408, CVE-2020-2781: Improve TLS session handling - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - JDK-8235274, CVE-2020-2805: Enhance typing of methods - JDK-8236201, CVE-2020-2830: Better Scanner conversions - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap Full release notes: https://bitly.com/oj8u252 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-16 modified 2020-05-13 plugin id 136531 published 2020-05-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136531 title Fedora 30 : 1:java-1.8.0-openjdk (2020-21ca991b3b) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2236.NASL description The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2236 advisory. - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-31 modified 2020-05-20 plugin id 136739 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136739 title RHEL 6 : java-1.7.1-ibm (RHSA-2020:2236) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4662.NASL description Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks. last seen 2020-04-30 modified 2020-04-27 plugin id 135982 published 2020-04-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135982 title Debian DSA-4662-1 : openjdk-11 - security update NASL family Scientific Linux Local Security Checks NASL id SL_20200421_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL description Security Fix(es) : - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) last seen 2020-04-30 modified 2020-04-22 plugin id 135890 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135890 title Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20200421) NASL family Fedora Local Security Checks NASL id FEDORA_2020-A60AD9D4EC.NASL description Update to OpenJDK 8u252 (April Critical Patch Update) - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-8225603: Enhancement for big integers - JDK-8227542: Manifest improved jar headers - JDK-8231415, CVE-2020-2773: Better signatures in XML - JDK-8233250: Better X11 rendering - JDK-8233410: Better Build Scripting - JDK-8234027: Better JCEKS key support - JDK-8234408, CVE-2020-2781: Improve TLS session handling - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - JDK-8235274, CVE-2020-2805: Enhance typing of methods - JDK-8236201, CVE-2020-2830: Better Scanner conversions - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap Full release notes: https://bitly.com/oj8u252 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-22 modified 2020-05-18 plugin id 136682 published 2020-05-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136682 title Fedora 31 : 1:java-1.8.0-openjdk (2020-a60ad9d4ec) NASL family Scientific Linux Local Security Checks NASL id SL_20200421_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL description Security Fix(es) : - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) last seen 2020-04-30 modified 2020-04-22 plugin id 135891 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135891 title Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20200421) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-1_0-0290_OPENJDK.NASL description An update of the openjdk package has been released. last seen 2020-05-03 modified 2020-04-29 plugin id 136108 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136108 title Photon OS 1.0: Openjdk PHSA-2020-1.0-0290 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1507.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1507 advisory. - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-05-01 plugin id 136195 published 2020-05-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136195 title CentOS 7 : java-1.7.0-openjdk (CESA-2020:1507) NASL family Misc. NASL id ORACLE_JAVA_CPU_APR_2020_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over last seen 2020-05-23 modified 2020-04-16 plugin id 135591 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135591 title Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1508.NASL description The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-03 modified 2020-04-28 plugin id 136019 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136019 title CentOS 6 : java-1.7.0-openjdk (CESA-2020:1508) NASL family Scientific Linux Local Security Checks NASL id SL_20200421_JAVA_11_OPENJDK_ON_SL7_X.NASL description Security Fix(es) : - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) last seen 2020-04-30 modified 2020-04-22 plugin id 135887 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135887 title Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20200421) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2238.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2238 advisory. - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-31 modified 2020-05-20 plugin id 136735 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136735 title RHEL 7 : java-1.7.1-ibm (RHSA-2020:2238) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2241.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2241 advisory. - OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-31 modified 2020-05-20 plugin id 136738 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136738 title RHEL 8 : java-1.8.0-ibm (RHSA-2020:2241) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL description An update of the openjdk11 package has been released. last seen 2020-05-08 modified 2020-05-05 plugin id 136333 published 2020-05-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136333 title Photon OS 2.0: Openjdk11 PHSA-2020-2.0-0235 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-1507.NASL description From Red Hat Security Advisory 2020:1507 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1507 advisory. - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-24 plugin id 135950 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135950 title Oracle Linux 7 : java-1.7.0-openjdk (ELSA-2020-1507) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1507.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1507 advisory. - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-21 plugin id 135768 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135768 title RHEL 7 : java-1.7.0-openjdk (RHSA-2020:1507) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4337-1.NASL description It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755) It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767) It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773) Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778) Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781) Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800) Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805) It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816) It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-30 modified 2020-04-24 plugin id 135967 published 2020-04-24 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135967 title Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : openjdk-8, openjdk-lts vulnerabilities (USN-4337-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1506.NASL description The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-28 plugin id 136018 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136018 title CentOS 6 : java-1.8.0-openjdk (CESA-2020:1506) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1410.NASL description Further information about this update can be found in the Corretto 11 change log (https://github.com/corretto/corretto-11/blob/develop/CHANGELOG.md) last seen 2020-04-30 modified 2020-04-16 plugin id 135595 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135595 title Amazon Linux 2 : java-11-amazon-corretto (ALAS-2020-1410) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1508.NASL description The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1508 advisory. - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-21 plugin id 135772 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135772 title RHEL 6 : java-1.7.0-openjdk (RHSA-2020:1508) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1509.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1509 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-22 plugin id 135905 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135905 title RHEL 7 : java-11-openjdk (RHSA-2020:1509) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL description An update of the openjdk11 package has been released. last seen 2020-05-03 modified 2020-04-29 plugin id 136100 published 2020-04-29 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136100 title Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2237.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2237 advisory. - OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) - OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-31 modified 2020-05-20 plugin id 136736 published 2020-05-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136736 title RHEL 7 : java-1.8.0-ibm (RHSA-2020:2237) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-1506.NASL description From Red Hat Security Advisory 2020:1506 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1506 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-22 plugin id 135884 published 2020-04-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135884 title Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2020-1506)
Redhat
rpms |
|
References
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://security.netapp.com/advisory/ntap-20200416-0004/
- https://www.debian.org/security/2020/dsa-4662
- https://usn.ubuntu.com/4337-1/
- https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html
- https://www.debian.org/security/2020/dsa-4668
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html
- https://security.gentoo.org/glsa/202006-22
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10332
- https://security.gentoo.org/glsa/202209-15
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/