Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_JAVA-1_5_0-IBM-8100.NASL
HistoryMay 10, 2012 - 12:00 a.m.

SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8100)

2012-05-1000:00:00
This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
118

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

IBM Java 1.5.0 has been updated to SR13-FP1, fixing various security issues.

More information can be found on :

http://www.ibm.com/developerworks/java/jdk/alerts/

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59064);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");

  script_cve_id(
    "CVE-2011-3563",
    "CVE-2012-0498",
    "CVE-2012-0499",
    "CVE-2012-0501",
    "CVE-2012-0502",
    "CVE-2012-0503",
    "CVE-2012-0505",
    "CVE-2012-0506",
    "CVE-2012-0507"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8100)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SuSE 10 host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"IBM Java 1.5.0 has been updated to SR13-FP1, fixing various security
issues.

More information can be found on :

http://www.ibm.com/developerworks/java/jdk/alerts/");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-3563.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0498.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0499.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0501.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0502.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0503.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0505.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0506.html");
  script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-0507.html");
  script_set_attribute(attribute:"solution", value:
"Apply ZYPP patch number 8100.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java AtomicReferenceArray Type Violation Vulnerability');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:4, reference:"java-1_5_0-ibm-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"java-1_5_0-ibm-demo-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, reference:"java-1_5_0-ibm-src-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"java-1_5_0-ibm-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"java-1_5_0-ibm-devel-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, reference:"java-1_5_0-ibm-fonts-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr13.1-0.8.3")) flag++;
if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr13.1-0.8.3")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

References

Related

nessus 35
suse 7
openvas 49
redhat 7
veracode 10
ubuntu 2
ibm 4
centos 1
oraclelinux 2
debian 1
osv 1
fedora 8
amazon 1
threatpost 6
securityvulns 1
ubuntucve 8
prion 9
seebug 3
cvelist 8
checkpoint_advisories 6
saint 4
cve 9
nvd 8
packetstorm 1
cisa_kev 1
thn 3
zdi 1
canvas 1
metasploit 1
exploitdb 1
nessus
nessus
RHEL 5 : java-1.4.2-ibm-sap (RHSA-2012:1080)
2014-11-08 00:00:00
SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8151)
2012-06-14 00:00:00
SuSE 11.1 Security Update : IBM Java (SAT Patch Number 6360)
2013-01-25 00:00:00
suse
suse
Security update for java-1_4_2-ibm-sap (important)
2012-07-16 19:08:35
Security update for IBM Java (important)
2012-06-13 20:08:24
Security update for java-1_4_2-ibm-sap (important)
2012-08-21 19:08:40
openvas
openvas
Oracle Java SE JDK Multiple Vulnerabilities - February 2012 (Windows - 01)
2012-02-21 00:00:00
Oracle Java SE JRE Multiple Vulnerabilities - February 2012 (Windows - 01)
2012-02-21 00:00:00
Oracle Java SE JRE Multiple Vulnerabilities - 01 - (Feb 2012) - Windows
2012-02-21 00:00:00
redhat
redhat
(RHSA-2012:0702) Critical: java-1.4.2-ibm security update
2012-05-30 00:00:00
(RHSA-2012:1080) Moderate: java-1.4.2-ibm-sap security update
2012-07-16 00:00:00
(RHSA-2012:0139) Critical: java-1.6.0-sun security update
2012-02-16 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
ubuntu
ubuntu
OpenJDK 6 (ARM) vulnerabilities
2012-03-01 00:00:00
OpenJDK 6 vulnerabilities
2012-02-24 00:00:00
ibm
ibm
Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)
2020-12-22 17:41:28
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012
2022-08-19 18:23:31
centos
centos
java security update
2012-02-15 10:26:37
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-02-28 00:00:00
java-1.6.0-openjdk security update
2012-02-15 00:00:00
debian
debian
[SECURITY] [DSA 2420-1] openjdk-6 security update
2012-02-28 20:11:47
osv
osv
openjdk-6 - several
2012-02-28 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc17
2012-02-28 10:45:39
[SECURITY] Fedora 16 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc16
2012-02-15 23:55:01
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-65.1.11.1.fc16
2012-02-17 23:50:54
amazon
amazon
Critical: java-1.6.0-openjdk
2012-02-15 17:12:00
threatpost
threatpost
Mozilla Adds Older Java Versions to Firefox Blocklist
2012-04-03 13:25:06
Nepalese Government Sites Hacked, Serving Zegost Malware
2012-08-08 20:16:56
Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel
2012-08-10 14:24:54
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
ubuntucve
ubuntucve
CVE-2012-0498
2012-02-15 00:00:00
CVE-2012-0501
2012-02-15 00:00:00
CVE-2012-0499
2012-02-15 00:00:00
prion
prion
Design/Logic Flaw
2012-02-15 22:55:00
Design/Logic Flaw
2012-02-15 22:55:00
Design/Logic Flaw
2012-02-15 22:55:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
Java AtomicReferenceArray Type Violation Vulnerability
2014-07-01 00:00:00
Oracle Java SE i18n子组件远程安全漏洞
2012-02-29 00:00:00
cvelist
cvelist
CVE-2012-0498
2012-02-15 22:00:00
CVE-2011-3563
2012-02-15 22:00:00
CVE-2012-0503
2012-02-15 22:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java AtomicReferenceArray Sandbox Breach Code Execution - Ver2 (CVE-2012-0507)
2014-12-28 00:00:00
Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow (CVE-2012-0499)
2012-05-28 00:00:00
Oracle Java zip_util readCEN Stack Overflow (CVE-2012-0501)
2012-05-14 00:00:00
saint
saint
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
cve
cve
CVE-2012-0498
2012-02-15 22:55:00
CVE-2012-0499
2012-02-15 22:55:00
CVE-2012-0503
2012-02-15 22:55:01
nvd
nvd
CVE-2012-0499
2012-02-15 22:55:00
CVE-2012-0506
2012-02-15 22:55:01
CVE-2011-3563
2012-02-15 22:55:00
packetstorm
packetstorm
Java AtomicReferenceArray Type Violation
2012-03-30 00:00:00
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
thn
thn
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 03:48:00
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 14:48:00
New Java Exploits boosts BlackHole exploit kit
2012-04-01 19:36:00
zdi
zdi
Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability
2012-04-09 00:00:00
canvas
canvas
Immunity Canvas: JAVA_ATOMICREFERENCEARRAY
2012-06-07 22:55:00
metasploit
metasploit
Java AtomicReferenceArray Type Violation Vulnerability
2012-03-29 15:31:14
exploitdb
exploitdb
Java - AtomicReferenceArray Type Violation (Metasploit)
2012-03-30 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for SUSE_JAVA-1_5_0-IBM-8100.NASL
nessus35suse7openvas49redhat7veracode10ubuntu2ibm4centos1oraclelinux2debian1osv1fedora8amazon1threatpost6securityvulns1ubuntucve8prion9seebug3cvelist8checkpoint_advisories6saint4cve9nvd8packetstorm1cisa_kev1thn3zdi1canvas1metasploit1exploitdb1