Lucene search
This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2012-0514.NASLHistoryApr 25, 2012 - 12:00 a.m.
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)
2012-04-2500:00:00
This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
AI Score
Confidence
High
0.968 High
EPSS
Percentile
99.7%
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0514 advisory.
-
OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) (CVE-2011-3563)
-
GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003) (CVE-2011-5035)
-
OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642) (CVE-2012-0497)
-
Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) (CVE-2012-0498, CVE-2012-0499)
-
Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) (CVE-2012-0500)
-
OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) (CVE-2012-0501)
-
OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) (CVE-2012-0502)
-
OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) (CVE-2012-0503)
-
OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) (CVE-2012-0505)
-
OpenJDK: mutable repository identifiers (CORBA, 7110704) (CVE-2012-0506)
-
OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) (CVE-2012-0507)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0514. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(58866);
script_version("1.35");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/21");
script_cve_id(
"CVE-2011-3563",
"CVE-2011-5035",
"CVE-2012-0497",
"CVE-2012-0498",
"CVE-2012-0499",
"CVE-2012-0500",
"CVE-2012-0501",
"CVE-2012-0502",
"CVE-2012-0503",
"CVE-2012-0505",
"CVE-2012-0506",
"CVE-2012-0507"
);
script_bugtraq_id(
51194,
52009,
52011,
52012,
52013,
52014,
52015,
52016,
52017,
52018,
52019,
52161
);
script_xref(name:"RHSA", value:"2012:0514");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");
script_name(english:"RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for java-1.6.0-ibm.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2012:0514 advisory.
- OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) (CVE-2011-3563)
- GlassFish: hash table collisions CPU usage DoS (oCERT-2011-003) (CVE-2011-5035)
- OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642) (CVE-2012-0497)
- Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) (CVE-2012-0498, CVE-2012-0499)
- Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) (CVE-2012-0500)
- OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) (CVE-2012-0501)
- OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) (CVE-2012-0502)
- OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) (CVE-2012-0503)
- OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) (CVE-2012-0505)
- OpenJDK: mutable repository identifiers (CORBA, 7110704) (CVE-2012-0506)
- OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) (CVE-2012-0507)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://www.ibm.com/developerworks/java/jdk/alerts/");
# https://access.redhat.com/security/data/csaf/v2/advisories/2012/rhsa-2012_0514.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c176a9ae");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0514");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#critical");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=788606");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=788624");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=788976");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=788994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=789295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=789297");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=789299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=789300");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=789301");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=790720");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=790722");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=790724");
script_set_attribute(attribute:"solution", value:
"Update the RHEL java-1.6.0-ibm package based on the guidance in RHSA-2012:0514.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-0507");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-0498");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_cwe_id(193);
script_set_attribute(attribute:"vendor_severity", value:"Critical");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/29");
script_set_attribute(attribute:"patch_publication_date", value:"2012/04/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['5','6'])) audit(AUDIT_OS_NOT, 'Red Hat 5.x / 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/client/5/5Client/i386/supplementary/debug',
'content/dist/rhel/client/5/5Client/i386/supplementary/os',
'content/dist/rhel/client/5/5Client/i386/supplementary/source/SRPMS',
'content/dist/rhel/client/5/5Client/x86_64/supplementary/debug',
'content/dist/rhel/client/5/5Client/x86_64/supplementary/os',
'content/dist/rhel/client/5/5Client/x86_64/supplementary/source/SRPMS',
'content/dist/rhel/power/5/5Server/ppc/supplementary/debug',
'content/dist/rhel/power/5/5Server/ppc/supplementary/os',
'content/dist/rhel/power/5/5Server/ppc/supplementary/source/SRPMS',
'content/dist/rhel/server/5/5Server/i386/supplementary/debug',
'content/dist/rhel/server/5/5Server/i386/supplementary/os',
'content/dist/rhel/server/5/5Server/i386/supplementary/source/SRPMS',
'content/dist/rhel/server/5/5Server/x86_64/supplementary/debug',
'content/dist/rhel/server/5/5Server/x86_64/supplementary/os',
'content/dist/rhel/server/5/5Server/x86_64/supplementary/source/SRPMS',
'content/dist/rhel/system-z/5/5Server/s390x/supplementary/debug',
'content/dist/rhel/system-z/5/5Server/s390x/supplementary/os',
'content/dist/rhel/system-z/5/5Server/s390x/supplementary/source/SRPMS',
'content/dist/rhel/workstation/5/5Client/i386/supplementary/debug',
'content/dist/rhel/workstation/5/5Client/i386/supplementary/os',
'content/dist/rhel/workstation/5/5Client/i386/supplementary/source/SRPMS',
'content/dist/rhel/workstation/5/5Client/x86_64/supplementary/debug',
'content/dist/rhel/workstation/5/5Client/x86_64/supplementary/os',
'content/dist/rhel/workstation/5/5Client/x86_64/supplementary/source/SRPMS'
],
'pkgs': [
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5', 'cpu':'i386', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5', 'cpu':'ppc64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5', 'cpu':'s390x', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
]
},
{
'repo_relative_urls': [
'content/dist/rhel/client/6/6Client/i386/supplementary/debug',
'content/dist/rhel/client/6/6Client/i386/supplementary/os',
'content/dist/rhel/client/6/6Client/i386/supplementary/source/SRPMS',
'content/dist/rhel/client/6/6Client/x86_64/supplementary/debug',
'content/dist/rhel/client/6/6Client/x86_64/supplementary/os',
'content/dist/rhel/client/6/6Client/x86_64/supplementary/source/SRPMS',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/debug',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/os',
'content/dist/rhel/computenode/6/6ComputeNode/x86_64/supplementary/source/SRPMS',
'content/dist/rhel/power/6/6Server/ppc64/supplementary/debug',
'content/dist/rhel/power/6/6Server/ppc64/supplementary/os',
'content/dist/rhel/power/6/6Server/ppc64/supplementary/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/supplementary/debug',
'content/dist/rhel/server/6/6Server/i386/supplementary/os',
'content/dist/rhel/server/6/6Server/i386/supplementary/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/supplementary/debug',
'content/dist/rhel/server/6/6Server/x86_64/supplementary/os',
'content/dist/rhel/server/6/6Server/x86_64/supplementary/source/SRPMS',
'content/dist/rhel/system-z/6/6Server/s390x/supplementary/debug',
'content/dist/rhel/system-z/6/6Server/s390x/supplementary/os',
'content/dist/rhel/system-z/6/6Server/s390x/supplementary/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/debug',
'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/os',
'content/dist/rhel/workstation/6/6Workstation/i386/supplementary/source/SRPMS',
'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/debug',
'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/os',
'content/dist/rhel/workstation/6/6Workstation/x86_64/supplementary/source/SRPMS'
],
'pkgs': [
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | java-1.6.0-ibm | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm |
| redhat | enterprise_linux | java-1.6.0-ibm-accessibility | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility |
| redhat | enterprise_linux | java-1.6.0-ibm-demo | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo |
| redhat | enterprise_linux | java-1.6.0-ibm-devel | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel |
| redhat | enterprise_linux | java-1.6.0-ibm-javacomm | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm |
| redhat | enterprise_linux | java-1.6.0-ibm-jdbc | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc |
| redhat | enterprise_linux | java-1.6.0-ibm-plugin | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin |
| redhat | enterprise_linux | java-1.6.0-ibm-src | p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src |
| redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
| redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
www.ibm.com/developerworks/java/jdk/alerts/
www.nessus.org/u?c176a9ae
access.redhat.com/errata/RHSA-2012:0514
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=788606
bugzilla.redhat.com/show_bug.cgi?id=788624
bugzilla.redhat.com/show_bug.cgi?id=788976
bugzilla.redhat.com/show_bug.cgi?id=788994
bugzilla.redhat.com/show_bug.cgi?id=789295
bugzilla.redhat.com/show_bug.cgi?id=789297
bugzilla.redhat.com/show_bug.cgi?id=789299
bugzilla.redhat.com/show_bug.cgi?id=789300
bugzilla.redhat.com/show_bug.cgi?id=789301
bugzilla.redhat.com/show_bug.cgi?id=790720
bugzilla.redhat.com/show_bug.cgi?id=790722
bugzilla.redhat.com/show_bug.cgi?id=790724
Related
veracode
veracode
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0603-1)
2021-06-09 00:00:00
Java Runtime Environment Multiple Vulnerabilities - Mac OS X
2012-04-09 00:00:00
Java Runtime Environment Multiple Vulnerabilities (MAC OS X)
2012-04-09 00:00:00
nessus
nessus
SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8094)
2012-05-10 00:00:00
SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 6225)
2013-01-25 00:00:00
Mac OS X : Java for Mac OS X 10.6 Update 7
2012-04-05 00:00:00
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-05-09 21:08:17
Security update for java-1_4_2-ibm-sap (important)
2012-07-16 19:08:35
Security update for Java 1.6.0 (important)
2012-02-27 21:08:20
redhat
redhat
(RHSA-2012:0514) Critical: java-1.6.0-ibm security update
2012-04-24 00:00:00
(RHSA-2012:0139) Critical: java-1.6.0-sun security update
2012-02-16 00:00:00
(RHSA-2012:0322) Important: java-1.6.0-openjdk security update
2012-02-21 00:00:00
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
ubuntu
ubuntu
OpenJDK 6 (ARM) vulnerabilities
2012-03-01 00:00:00
OpenJDK 6 vulnerabilities
2012-02-24 00:00:00
centos
centos
java security update
2012-02-15 10:26:37
debian
debian
[SECURITY] [DSA 2420-1] openjdk-6 security update
2012-02-28 20:11:47
osv
osv
openjdk-6 - several
2012-02-28 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-02-15 00:00:00
java-1.6.0-openjdk security update
2012-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc17
2012-02-28 10:45:39
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc16
2012-02-15 23:55:01
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-65.1.11.1.fc16
2012-02-17 23:50:54
amazon
amazon
Critical: java-1.6.0-openjdk
2012-02-15 17:12:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
threatpost
threatpost
Mozilla Adds Older Java Versions to Firefox Blocklist
2012-04-03 13:25:06
Nepalese Government Sites Hacked, Serving Zegost Malware
2012-08-08 20:16:56
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
Java AtomicReferenceArray Type Violation Vulnerability
2014-07-01 00:00:00
Oracle Java SE i18n子组件远程安全漏洞
2012-02-29 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2012-02-15 22:55:00
Buffer overflow
2011-12-30 01:55:00
Design/Logic Flaw
2012-02-15 22:55:00
nvd
nvd
cvelist
cvelist
cve
cve
debiancve
debiancve
CVE-2011-5035
2011-12-30 01:55:00
cisa
cisa
Apple Update for Java for OS X Lion and Mac OS X
2012-04-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java AtomicReferenceArray Sandbox Breach Code Execution - Ver2 (CVE-2012-0507)
2014-12-28 00:00:00
Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow (CVE-2012-0499)
2012-05-28 00:00:00
Oracle Java zip_util readCEN Stack Overflow (CVE-2012-0501)
2012-05-14 00:00:00
saint
saint
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
Java Web Start initial heap size command injection
2012-03-02 00:00:00
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
packetstorm
packetstorm
Java AtomicReferenceArray Type Violation
2012-03-30 00:00:00
thn
thn
New Java Exploits boosts BlackHole exploit kit
2012-04-01 19:36:00
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 14:48:00
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 03:48:00
zdi
zdi
cisa_kev
cisa_kev
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
10 High
AI Score
Confidence
High
0.968 High
EPSS
Percentile
99.7%
Related for REDHAT-RHSA-2012-0514.NASL