Vulnerabilities > CVE-2020-2816

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle JDK 14.0.0 Oracle JDK 11.0.6 Oracle JRE 14.0.0 Oracle JRE 11.0.6 Oracle Openjdk 8 Oracle Openjdk 7 Oracle Openjdk 14 Oracle Openjdk 11 Oracle Openjdk 11.0.1 Oracle Openjdk 11.0.2 Oracle Openjdk 11.0.3 Oracle Openjdk 11.0.4 Oracle Openjdk 11.0.5 Oracle Openjdk 11.0.6 Oracle Openjdk 13 Oracle Openjdk 13.0.1 Oracle Openjdk 13.0.2	104
Application	Netapp Netapp Cloud Backup - Netapp Steelstore Cloud Integrated Storage - Netapp Snapmanager - Netapp Oncommand Workflow Automation - Netapp Storagegrid - Netapp Storagegrid 9.0.0 Netapp Storagegrid 9.0.1 Netapp Storagegrid 9.0.2 Netapp Storagegrid 9.0.4 Netapp Oncommand Insight - Netapp Active IQ Unified Manager 7.3 Netapp Active IQ Unified Manager 9.5 Netapp Active IQ Unified Manager 9.6 Netapp 7 Mode Transition Tool - Netapp E Series Performance Analyzer - Netapp E Series Santricity OS Controller 11.0.0 Netapp E Series Santricity OS Controller 11.20 Netapp E Series Santricity OS Controller 11.25 Netapp E Series Santricity OS Controller 11.30 Netapp E Series Santricity OS Controller 11.30.5R3 Netapp E Series Santricity OS Controller 11.40 Netapp E Series Santricity OS Controller 11.40.3R2 Netapp E Series Santricity OS Controller 11.40.5 Netapp E Series Santricity OS Controller 11.50.1 Netapp E Series Santricity OS Controller 11.50.2 Netapp E Series Santricity OS Controller 11.60 Netapp E Series Santricity OS Controller 11.60.0 Netapp E Series Santricity OS Controller 11.60.1 Netapp E Series Santricity WEB Services - Netapp Plug IN FOR Symantec Netbackup - Netapp Santricity Unified Manager -	35
OS	Canonical Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.10 Canonical Ubuntu Linux 16.04	3
OS	Debian Debian Debian Linux 10.0	1
OS	Opensuse Opensuse Leap 15.1	1

Nessus

NASL family	Windows
NASL id	ORACLE_JAVA_CPU_APR_2020.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over
last seen	2020-04-23
modified	2020-04-16
plugin id	135592
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135592
title	Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU)
code	# # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(135592); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/17"); script_cve_id( "CVE-2019-18197", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2764", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"IAVA", value:"2020-A-0134-S"); script_name(english:"Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU)"); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over 'Multiple' protocol. This issue affects the 'JavaFX (libxslt)' component. Successful attacks of this vulnerability allow unauthenticated attacker with network access to takeover of Java SE. (CVE-2019-18197) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2754, CVE-2020-2755) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Serialization' component. (CVE-2020-2756, CVE-2020-2757) - Oracle Java SE prone to unauthorized read access vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol can result in unauthorized read access to a subset of Java SE accessible data. This issue affects the 'Advanced Management Console' component. (CVE-2020-2764) - Oracle Java SE and Java SE Embedded are prone to unauthorized write/read access vulnerability. An unauthenticated remote attacker over 'HTTPS' can read, update, insert or delete access to some of Java SE accessible data. This issue affects the 'JSSE' component. (CVE-2020-2767) - Oracle Java SE and Java SE Embedded are prone to partial denial of service (partial DOS) vulnerability. An unauthenticated remote attacker can exploit this over 'Multiple' protocol. This issue affects the 'Scripting' component. (CVE-2020-2773) It is also affected by other vulnerabilities; please see vendor advisories for more information. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/a/tech/docs/cpuapr2020cvrf.xml"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuapr2020.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Oracle JDK / JRE 14 Update 1 , 11 Update 7, 8 Update 251 , 7 Update 261 or later. If necessary, remove any affected versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jdk"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("sun_java_jre_installed.nasl"); script_require_keys("SMB/Java/JRE/Installed"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); # Check each installed JRE. installs = get_kb_list_or_exit("SMB/Java/JRE/*"); info = ""; vuln = 0; installed_versions = ""; foreach install (list_uniq(keys(installs))) { ver = install - "SMB/Java/JRE/"; if (ver !~ "^[0-9.]+") continue; installed_versions = installed_versions + " & " + ver; # Fixes : (JDK\|JRE) 13 Update 2 / 11 Update 6 / 8 Update 214 / 7 Update 251 if ( ver_compare(minver:"1.7.0", ver:ver, fix:"1.7.0_261", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 \|\| ver_compare(minver:"1.8.0", ver:ver, fix:"1.8.0_251", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 \|\| ver_compare(minver:"1.11.0", ver:ver, fix:"1.11.0_7", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 \|\| ver_compare(minver:"1.13.0", ver:ver, fix:"1.14.0_1", regexes:{0:"_(\d+)"}, strict:FALSE) < 0 ) { dirs = make_list(get_kb_list(install)); vuln += max_index(dirs); foreach dir (dirs) info += '\n Path : ' + dir; info += '\n Installed version : ' + ver; info += '\n Fixed version : 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1\n'; } } # Report if any were found to be vulnerable. if (info) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (vuln > 1) s = "s of Java are"; else s = " of Java is"; report = '\n' + 'The following vulnerable instance'+s+' installed on the\n' + 'remote host :\n' + info; security_report_v4(severity:SECURITY_WARNING, port:port, extra:report); } else { installed_versions = substr(installed_versions, 3); if (" & " >< installed_versions) exit(0, "The Java "+installed_versions+" installations on the remote host are not affected."); else audit(AUDIT_INST_VER_NOT_VULN, "Java", installed_versions); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1514.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1514 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-30
modified	2020-04-21
plugin id	135861
published	2020-04-21
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135861
title	RHEL 8 : java-11-openjdk (RHSA-2020:1514)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1514. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135861); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/23"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"RHSA", value:"2020:1514"); script_name(english:"RHEL 8 : java-11-openjdk (RHSA-2020:1514)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1514 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/327.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/185.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1514"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2754"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2755"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2756"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2757"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2767"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2773"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2778"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2781"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2800"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2803"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2805"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2816"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2830"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823199"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823200"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823215"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823216"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823224"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823542"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823694"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823844"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823853"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823879"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823947"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823960"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 113, 119, 185, 248, 327, 358, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'java-11-openjdk-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_1', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_1', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_1', 'cpu':'x86_64', 'release':'8', 'epoch':'1'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-debugsource / java-11-openjdk-demo / etc'); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-3_0-0083_OPENJDK8.NASL
description	An update of the openjdk8 package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136095
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136095
title	Photon OS 3.0: Openjdk8 PHSA-2020-3.0-0083
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-3.0-0083. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(136095); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_name(english:"Photon OS 3.0: Openjdk8 PHSA-2020-3.0-0083"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the openjdk8 package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-83.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openjdk8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 3\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-debuginfo-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-doc-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-sample-1.8.0.252-1.ph3")) flag++; if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"openjdk8-src-1.8.0.252-1.ph3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjdk8"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1517.NASL
description	The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1517 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-30
modified	2020-04-22
plugin id	135908
published	2020-04-22
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135908
title	RHEL 8 : java-11-openjdk (RHSA-2020:1517)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1517. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135908); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/23"); script_cve_id( "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830" ); script_xref(name:"RHSA", value:"2020:1517"); script_name(english:"RHEL 8 : java-11-openjdk (RHSA-2020:1517)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1517 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/248.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/327.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/113.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/119.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/20.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/358.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/185.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1517"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2754"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2755"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2756"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2757"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2767"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2773"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2778"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2781"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2800"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2803"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2805"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2816"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-2830"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823199"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823200"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823215"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823216"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823224"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823527"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823542"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823694"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823844"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823853"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823879"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823947"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1823960"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(20, 113, 119, 185, 248, 327, 358, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/22"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-javadoc-zip"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-jmods"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-11-openjdk-src"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) \|\| 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'java-11-openjdk-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-debugsource-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-demo-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-devel-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-headless-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-javadoc-zip-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-jmods-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}, {'reference':'java-11-openjdk-src-11.0.7.10-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-11-openjdk / java-11-openjdk-debugsource / java-11-openjdk-demo / etc'); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2020-757.NASL
description	This update for java-11-openjdk fixes the following issues : Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed : - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-10
modified	2020-06-04
plugin id	137132
published	2020-06-04
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/137132
title	openSUSE Security Update : java-11-openjdk (openSUSE-2020-757)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2020-757. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(137132); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2767", "CVE-2020-2773", "CVE-2020-2778", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2816", "CVE-2020-2830"); script_name(english:"openSUSE Security Update : java-11-openjdk (openSUSE-2020-757)"); script_summary(english:"Check for the openSUSE-2020-757 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for java-11-openjdk fixes the following issues : Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc#1169511). Security issues fixed : - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2755: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2756: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). - CVE-2020-2757: Fixed an object deserialization issue that could have resulted in denial of service via crafted serialized input (bsc#1169511). - CVE-2020-2767: Fixed an incorrect handling of certificate messages during TLS handshakes (bsc#1169511). - CVE-2020-2773: Fixed the incorrect handling of exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature() (bsc#1169511). - CVE-2020-2778: Fixed the incorrect handling of SSLParameters in setAlgorithmConstraints(), which could have been abused to override the defined systems security policy and lead to the use of weak crypto algorithms (bsc#1169511). - CVE-2020-2781: Fixed the incorrect re-use of single null TLS sessions (bsc#1169511). - CVE-2020-2800: Fixed an HTTP header injection issue caused by mishandling of CR/LF in header values (bsc#1169511). - CVE-2020-2803: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2805: Fixed a boundary check and type check issue that could have led to a sandbox bypass (bsc#1169511). - CVE-2020-2816: Fixed an incorrect handling of application data packets during TLS handshakes (bsc#1169511). - CVE-2020-2830: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc#1169511). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1167462" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169511" ); script_set_attribute( attribute:"solution", value:"Update the affected java-11-openjdk packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2800"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-accessibility-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-headless"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-jmods"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:java-11-openjdk-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-accessibility-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-accessibility-debuginfo-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-debuginfo-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-debugsource-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-demo-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-devel-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-headless-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-javadoc-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-jmods-11.0.7.0-lp151.3.16.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"java-11-openjdk-src-11.0.7.0-lp151.3.16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-11-openjdk / java-11-openjdk-accessibility / etc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2020-1509.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1509 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-06
modified	2020-05-01
plugin id	136196
published	2020-05-01
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136196
title	CentOS 7 : java-11-openjdk (CESA-2020:1509)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL
description	An update of the openjdk11 package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136109
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136109
title	Photon OS 1.0: Openjdk11 PHSA-2020-1.0-0290

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-1514.NASL
description	From Red Hat Security Advisory 2020:1514 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1514 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-06
modified	2020-04-24
plugin id	135955
published	2020-04-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135955
title	Oracle Linux 8 : java-11-openjdk (ELSA-2020-1514)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2020-1509.NASL
description	From Red Hat Security Advisory 2020:1509 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1509 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-06
modified	2020-04-24
plugin id	135951
published	2020-04-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135951
title	Oracle Linux 7 : java-11-openjdk (ELSA-2020-1509)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-2_0-0235_OPENJDK8.NASL
description	An update of the openjdk8 package has been released.
last seen	2020-05-08
modified	2020-05-05
plugin id	136334
published	2020-05-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136334
title	Photon OS 2.0: Openjdk8 PHSA-2020-2.0-0235

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4662.NASL
description	Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, insecure TLS handshakes, bypass of sandbox restrictions or HTTP response splitting attacks.
last seen	2020-04-30
modified	2020-04-27
plugin id	135982
published	2020-04-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135982
title	Debian DSA-4662-1 : openjdk-11 - security update

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-1_0-0290_OPENJDK.NASL
description	An update of the openjdk package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136108
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136108
title	Photon OS 1.0: Openjdk PHSA-2020-1.0-0290

NASL family	Misc.
NASL id	ORACLE_JAVA_CPU_APR_2020_UNIX.NASL
description	The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 261, 8 Update 251, 11 Update 7, or 14 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components : - Oracle Java SE and Java SE Embedded are prone to a buffer overflow attack, over
last seen	2020-05-23
modified	2020-04-16
plugin id	135591
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135591
title	Oracle Java SE 1.7.0_261 / 1.8.0_251 / 1.11.0_7 / 1.14.0_1 Multiple Vulnerabilities (Apr 2020 CPU) (Unix)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20200421_JAVA_11_OPENJDK_ON_SL7_X.NASL
description	Security Fix(es) : - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)
last seen	2020-04-30
modified	2020-04-22
plugin id	135887
published	2020-04-22
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135887
title	Scientific Linux Security Update : java-11-openjdk on SL7.x x86_64 (20200421)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL
description	An update of the openjdk11 package has been released.
last seen	2020-05-08
modified	2020-05-05
plugin id	136333
published	2020-05-05
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136333
title	Photon OS 2.0: Openjdk11 PHSA-2020-2.0-0235

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4337-1.NASL
description	It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755) It was discovered that OpenJDK incorrectly handled class descriptors and catching exceptions during object stream deserialization. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted serialized input. (CVE-2020-2756, CVE-2020-2757) Bengt Jonsson, Juraj Somorovsky, Kostis Sagonas, Paul Fiterau Brostean and Robert Merget discovered that OpenJDK incorrectly handled certificate messages during TLS handshake. An attacker could possibly use this issue to bypass certificate verification and insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2767) It was discovered that OpenJDK incorrectly handled exceptions thrown by unmarshalKeyInfo() and unmarshalXMLSignature(). An attacker could possibly use this issue to cause a denial of service while reading key info or XML signature data from XML input. (CVE-2020-2773) Peter Dettman discovered that OpenJDK incorrectly handled SSLParameters in setAlgorithmConstraints(). An attacker could possibly use this issue to override the defined systems security policy and lead to the use of weak crypto algorithms that should be disabled. This issue only affected OpenJDK 11. (CVE-2020-2778) Simone Bordet discovered that OpenJDK incorrectly re-used single null TLS sessions for new TLS connections. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-2781) Dan Amodio discovered that OpenJDK did not restrict the use of CR and LF characters in values for HTTP headers. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2020-2800) Nils Emmerich discovered that OpenJDK incorrectly checked boundaries or argument types. An attacker could possibly use this issue to bypass sandbox restrictions causing unspecified impact. (CVE-2020-2803, CVE-2020-2805) It was discovered that OpenJDK incorrectly handled application data packets during TLS handshake. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11. (CVE-2020-2816) It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-2830). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-04-30
modified	2020-04-24
plugin id	135967
published	2020-04-24
reporter	Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135967
title	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : openjdk-8, openjdk-lts vulnerabilities (USN-4337-1)

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2020-1410.NASL
description	Further information about this update can be found in the Corretto 11 change log (https://github.com/corretto/corretto-11/blob/develop/CHANGELOG.md)
last seen	2020-04-30
modified	2020-04-16
plugin id	135595
published	2020-04-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135595
title	Amazon Linux 2 : java-11-amazon-corretto (ALAS-2020-1410)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2020-1509.NASL
description	The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1509 advisory. - OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754) - OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755) - OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756) - OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757) - OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767) - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773) - OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778) - OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781) - OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800) - OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803) - OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805) - OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816) - OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-04-30
modified	2020-04-22
plugin id	135905
published	2020-04-22
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135905
title	RHEL 7 : java-11-openjdk (RHSA-2020:1509)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL
description	An update of the openjdk11 package has been released.
last seen	2020-05-03
modified	2020-04-29
plugin id	136100
published	2020-04-29
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/136100
title	Photon OS 3.0: Openjdk11 PHSA-2020-3.0-0084

Redhat

rpms

java-11-openjdk-1:11.0.7.10-4.el7_8
java-11-openjdk-debuginfo-1:11.0.7.10-4.el7_8
java-11-openjdk-demo-1:11.0.7.10-4.el7_8
java-11-openjdk-devel-1:11.0.7.10-4.el7_8
java-11-openjdk-headless-1:11.0.7.10-4.el7_8
java-11-openjdk-javadoc-1:11.0.7.10-4.el7_8
java-11-openjdk-javadoc-zip-1:11.0.7.10-4.el7_8
java-11-openjdk-jmods-1:11.0.7.10-4.el7_8
java-11-openjdk-src-1:11.0.7.10-4.el7_8
java-11-openjdk-1:11.0.7.10-1.el8_1
java-11-openjdk-debuginfo-1:11.0.7.10-1.el8_1
java-11-openjdk-debugsource-1:11.0.7.10-1.el8_1
java-11-openjdk-demo-1:11.0.7.10-1.el8_1
java-11-openjdk-devel-1:11.0.7.10-1.el8_1
java-11-openjdk-devel-debuginfo-1:11.0.7.10-1.el8_1
java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.7.10-1.el8_1
java-11-openjdk-headless-1:11.0.7.10-1.el8_1
java-11-openjdk-headless-debuginfo-1:11.0.7.10-1.el8_1
java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.7.10-1.el8_1
java-11-openjdk-javadoc-1:11.0.7.10-1.el8_1
java-11-openjdk-javadoc-zip-1:11.0.7.10-1.el8_1
java-11-openjdk-jmods-1:11.0.7.10-1.el8_1
java-11-openjdk-slowdebug-debuginfo-1:11.0.7.10-1.el8_1
java-11-openjdk-src-1:11.0.7.10-1.el8_1
java-11-openjdk-1:11.0.7.10-1.el8_0
java-11-openjdk-debuginfo-1:11.0.7.10-1.el8_0
java-11-openjdk-debugsource-1:11.0.7.10-1.el8_0
java-11-openjdk-demo-1:11.0.7.10-1.el8_0
java-11-openjdk-devel-1:11.0.7.10-1.el8_0
java-11-openjdk-devel-debuginfo-1:11.0.7.10-1.el8_0
java-11-openjdk-devel-slowdebug-debuginfo-1:11.0.7.10-1.el8_0
java-11-openjdk-headless-1:11.0.7.10-1.el8_0
java-11-openjdk-headless-debuginfo-1:11.0.7.10-1.el8_0
java-11-openjdk-headless-slowdebug-debuginfo-1:11.0.7.10-1.el8_0
java-11-openjdk-javadoc-1:11.0.7.10-1.el8_0
java-11-openjdk-javadoc-zip-1:11.0.7.10-1.el8_0
java-11-openjdk-jmods-1:11.0.7.10-1.el8_0
java-11-openjdk-slowdebug-debuginfo-1:11.0.7.10-1.el8_0
java-11-openjdk-src-1:11.0.7.10-1.el8_0

Vulnerabilities > CVE-2020-2816 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2020-2816"}]}

Summary

Vulnerable Configurations

Nessus

Redhat

References

Vulnerabilities > CVE-2020-2816