10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.04 Low
EPSS
Percentile
92.1%
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update August 2018 advisory.
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. (CVE-2016-0705)
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. (CVE-2017-3736)
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
(CVE-2018-1517)
The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. (CVE-2018-1656)
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. (CVE-2018-12539)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(160350);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/25");
script_cve_id(
"CVE-2016-0705",
"CVE-2017-3732",
"CVE-2017-3736",
"CVE-2018-1517",
"CVE-2018-1656",
"CVE-2018-12539"
);
script_xref(name:"IAVA", value:"2016-A-0056-S");
script_xref(name:"IAVB", value:"2016-B-0083-S");
script_xref(name:"IAVA", value:"2017-A-0228-S");
script_xref(name:"IAVA", value:"2017-A-0032-S");
script_xref(name:"IAVA", value:"2017-A-0224-S");
script_xref(name:"IAVA", value:"2018-A-0117-S");
script_xref(name:"IAVA", value:"2018-A-0033-S");
script_xref(name:"IAVA", value:"2017-A-0327-S");
script_xref(name:"IAVA", value:"2018-A-0118-S");
script_xref(name:"IAVA", value:"2019-A-0130");
script_name(english:"IBM Java 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 / 7.1 < 7.1.4.30 / 8.0 < 8.0.5.20 Multiple Vulnerabilities (Aug 1, 2018)");
script_set_attribute(attribute:"synopsis", value:
"IBM Java is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.70 / 6.1 < 6.1.8.70 / 7.0 < 7.0.10.30 /
7.1 < 7.1.4.30 / 8.0 < 8.0.5.20. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM
Security Update August 2018 advisory.
- Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1
before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via a malformed DSA private key. (CVE-2016-0705)
- There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before
1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA
and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks
against DH are considered just feasible (although very difficult) because most of the work necessary to
deduce information about a private key may be performed offline. The amount of resources required for such
an attack would be very significant and likely only accessible to a limited number of attackers. An
attacker would additionally need online access to an unpatched system using the target private key in a
scenario with persistent DH parameters and a private key that is shared between multiple clients. For
example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
similar to CVE-2015-3193 but must be treated as a separate problem. (CVE-2017-3732)
- There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and
1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as
a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH
are considered just feasible (although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline. The amount of resources required for such an
attack would be very significant and likely only accessible to a limited number of attackers. An attacker
would additionally need online access to an unpatched system using the target private key in a scenario
with persistent DH parameters and a private key that is shared between multiple clients. This only affects
processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later
or AMD Ryzen. (CVE-2017-3736)
- A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an
attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
(CVE-2018-1517)
- The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology
Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed
dump files. IBM X-Force ID: 144882. (CVE-2018-1656)
- In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to
connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes
the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX
JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. (CVE-2018-12539)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ07855");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ08248");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ08250");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ08278");
# https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jceplusdocs/jceplus.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a20a1bce");
# https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_August_2018
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?40e319ff");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the IBM Security Update August 2018 advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0705");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/01");
script_set_attribute(attribute:"patch_publication_date", value:"2018/08/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:java");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ibm_java_nix_installed.nbin", "ibm_java_win_installed.nbin");
script_require_keys("installed_sw/Java");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var app_list = ['IBM Java'];
var app_info = vcf::java::get_app_info(app:app_list);
var constraints = [
{ 'min_version' : '6.0.0', 'fixed_version' : '6.0.16.70' },
{ 'min_version' : '6.1.0', 'fixed_version' : '6.1.8.70' },
{ 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.30' },
{ 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.30' },
{ 'min_version' : '8.0.0', 'fixed_version' : '8.0.5.20' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1656
www-01.ibm.com/support/docview.wss?uid=swg1IJ07855
www-01.ibm.com/support/docview.wss?uid=swg1IJ08248
www-01.ibm.com/support/docview.wss?uid=swg1IJ08250
www-01.ibm.com/support/docview.wss?uid=swg1IJ08278
www.nessus.org/u?40e319ff
www.nessus.org/u?a20a1bce
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.04 Low
EPSS
Percentile
92.1%