CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
73.0%
An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
This update upgrades Oracle Java SE 7 to version 7 Update 151.
Security Fix(es) :
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:1791. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(101881);
script_version("3.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/11");
script_cve_id("CVE-2017-10053", "CVE-2017-10067", "CVE-2017-10074", "CVE-2017-10081", "CVE-2017-10086", "CVE-2017-10087", "CVE-2017-10089", "CVE-2017-10090", "CVE-2017-10096", "CVE-2017-10101", "CVE-2017-10102", "CVE-2017-10105", "CVE-2017-10107", "CVE-2017-10108", "CVE-2017-10109", "CVE-2017-10110", "CVE-2017-10114", "CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10118", "CVE-2017-10135", "CVE-2017-10176", "CVE-2017-10193", "CVE-2017-10198", "CVE-2017-10243");
script_xref(name:"RHSA", value:"2017:1791");
script_name(english:"RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:1791)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"An update for java-1.7.0-oracle is now available for Oracle Java for
Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise
Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Oracle Java SE version 7 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.
This update upgrades Oracle Java SE 7 to version 7 Update 151.
Security Fix(es) :
* This update fixes multiple vulnerabilities in the Oracle Java
Runtime Environment and the Oracle Java Software Development Kit.
Further information about these flaws can be found on the Oracle Java
SE Critical Patch Update Advisory page, listed in the References
section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074,
CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089,
CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102,
CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109,
CVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116,
CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193,
CVE-2017-10198, CVE-2017-10243)"
);
# http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?76f5def7"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.oracle.com/technetwork/java/javaseproducts/documentation/"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2017:1791"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10053"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10067"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10074"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10081"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10086"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10087"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10089"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10090"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10096"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10101"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10102"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10105"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10107"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10108"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10109"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10110"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10114"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10115"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10116"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10118"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10135"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10176"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10193"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10198"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2017-10243"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2017:1791";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el6")) flag++;
if (rpm_check(release:"RHEL7", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el7_3")) flag++;
if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el7_3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-oracle / java-1.7.0-oracle-devel / etc");
}
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10086
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10101
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10105
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10108
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10118
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10176
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10193
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10243
www.nessus.org/u?76f5def7
www.oracle.com/technetwork/java/javaseproducts/documentation/
access.redhat.com/errata/RHSA-2017:1791
access.redhat.com/security/cve/cve-2017-10053
access.redhat.com/security/cve/cve-2017-10067
access.redhat.com/security/cve/cve-2017-10074
access.redhat.com/security/cve/cve-2017-10081
access.redhat.com/security/cve/cve-2017-10086
access.redhat.com/security/cve/cve-2017-10087
access.redhat.com/security/cve/cve-2017-10089
access.redhat.com/security/cve/cve-2017-10090
access.redhat.com/security/cve/cve-2017-10096
access.redhat.com/security/cve/cve-2017-10101
access.redhat.com/security/cve/cve-2017-10102
access.redhat.com/security/cve/cve-2017-10105
access.redhat.com/security/cve/cve-2017-10107
access.redhat.com/security/cve/cve-2017-10108
access.redhat.com/security/cve/cve-2017-10109
access.redhat.com/security/cve/cve-2017-10110
access.redhat.com/security/cve/cve-2017-10114
access.redhat.com/security/cve/cve-2017-10115
access.redhat.com/security/cve/cve-2017-10116
access.redhat.com/security/cve/cve-2017-10118
access.redhat.com/security/cve/cve-2017-10135
access.redhat.com/security/cve/cve-2017-10176
access.redhat.com/security/cve/cve-2017-10193
access.redhat.com/security/cve/cve-2017-10198
access.redhat.com/security/cve/cve-2017-10243
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
73.0%