Lucene search

HistoryAug 25, 2021 - 12:00 a.m.

Oracle Java SE Security Updates - 02 - (cpujul2020) - Linux

2021-08-2500:00:00

plugins.openvas.org

oracle

java

security

vulnerabilities

linux

libraries

denial of service

update

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.3

Confidence

Low

EPSS

0.003

Percentile

71.8%

JSON

Oracle Java SE is prone to multiple security vulnerabilities.

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.118165");
  script_version("2024-02-26T14:36:40+0000");
  script_cve_id("CVE-2020-14578", "CVE-2020-14579");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2024-02-26 14:36:40 +0000 (Mon, 26 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-11-10 16:15:00 +0000 (Tue, 10 Nov 2020)");
  script_tag(name:"creation_date", value:"2021-08-25 09:18:34 +0200 (Wed, 25 Aug 2021)");
  script_name("Oracle Java SE Security Updates - 02 - (cpujul2020) - Linux");

  script_tag(name:"summary", value:"Oracle Java SE is prone to multiple security vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"The flaws exist due to errors in the 'Libraries'
  component.");

  script_tag(name:"impact", value:"Successful attacks of these vulnerabilities can result in
  unauthorized ability to cause a partial denial of service.");

  script_tag(name:"affected", value:"Oracle Java SE version 7u261 (1.7.0.261) and earlier, 8u251
  (1.8.0.251) and earlier on Linux.");

  script_tag(name:"solution", value:"The vendor has released updates. Please see the references
  for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://www.oracle.com/security-alerts/cpujul2020.html#AppendixJAVA");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("General");
  script_dependencies("gb_java_prdts_detect_lin.nasl");
  script_mandatory_keys("Oracle/Java/JDK_or_JRE/Linux/detected");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

cpe_list = make_list("cpe:/a:oracle:jre", "cpe:/a:oracle:jdk");

if(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))
  exit(0);

vers = infos["version"];
path = infos["location"];

if( version_in_range( version:vers, test_version:"1.7.0", test_version2:"1.7.0.261" ) ||
  version_in_range( version:vers, test_version:"1.8.0", test_version2:"1.8.0.251" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"Apply the patch", install_path:path );
  security_message( data:report );
  exit( 0 );
}

exit( 99 );