Lucene search
Copyright (C) 2021 Greenbone Networks GmbHOPENVAS:1361412562310150649HistoryMay 31, 2021 - 12:00 a.m.
Oracle OpenJDK Multiple Vulnerabilities (Apr 2019)
2021-05-3100:00:00
Copyright (C) 2021 Greenbone Networks GmbH
plugins.openvas.org
14
oracle openjdk
multiple vulnerabilities
updates available
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.021
Percentile
89.3%
Oracle OpenJDK is prone to multiple vulnerabilities.
# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
CPE = "cpe:/a:oracle:openjdk";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.150649");
script_version("2022-08-17T10:11:15+0000");
script_tag(name:"last_modification", value:"2022-08-17 10:11:15 +0000 (Wed, 17 Aug 2022)");
script_tag(name:"creation_date", value:"2021-05-31 08:42:17 +0000 (Mon, 31 May 2021)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-12 18:03:00 +0000 (Fri, 12 Aug 2022)");
script_cve_id("CVE-2019-2698", "CVE-2019-2602", "CVE-2019-2684");
script_tag(name:"qod_type", value:"executable_version_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Oracle OpenJDK Multiple Vulnerabilities (Apr 2019)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
script_family("General");
script_dependencies("secpod_openjdk_detect.nasl");
script_mandatory_keys("openjdk/detected");
script_tag(name:"summary", value:"Oracle OpenJDK is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Please see the references for more information on the
vulnerabilities.");
script_tag(name:"affected", value:"Oracle OpenJDK versions 12, 11.0.2, 8u202 (1.8.0.202), 7u211
(1.7.0.211) and prior.");
script_tag(name:"solution", value:"The vendor has released updates. Please see the references for
more information.");
script_xref(name:"URL", value:"https://openjdk.java.net/groups/vulnerability/advisories/2019-04-16");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
vers = infos["version"];
path = infos["location"];
if( version_is_equal( version:vers, test_version:"12.0" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"See advisory", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
if( vers =~ "^11" && version_is_less_equal( version:vers, test_version:"11.0.2" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"See advisory", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
if( vers =~ "^1\.8" && version_is_less_equal( version:vers, test_version:"1.8.0.202" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"See advisory", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
if( vers =~ "^1\.7" && version_is_less_equal( version:vers, test_version:"1.7.0.211" ) ) {
report = report_fixed_ver( installed_version:vers, fixed_version:"See advisory", install_path:path );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );Related
nessus
nessus
NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0154)
2019-08-12 00:00:00
CentOS 6 : java-1.7.0-openjdk (CESA-2019:0790)
2019-04-24 00:00:00
Debian DSA-4453-1 : openjdk-8 - security update
2019-05-31 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2019-07-30 00:00:00
java-1.8.0-openjdk security and bug fix update
2019-04-17 00:00:00
java-1.7.0-openjdk security update
2019-04-22 00:00:00
debian
debian
[SECURITY] [DLA 1782-1] openjdk-7 security update
2019-05-10 16:39:02
[SECURITY] [DSA 4453-1] openjdk-8 security update
2019-05-29 21:15:56
centos
centos
java security update
2019-04-22 22:47:39
java security update
2019-04-22 22:45:55
java security update
2019-04-19 18:51:58
openvas
openvas
CentOS Update for java CESA-2019:0790 centos6
2019-04-24 00:00:00
CentOS Update for java CESA-2019:0791 centos7
2019-04-24 00:00:00
Debian: Security Advisory (DLA-1782-1)
2019-05-11 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-05-08 00:38:09
redhat
redhat
(RHSA-2019:0790) Important: java-1.7.0-openjdk security update
2019-04-22 13:42:30
(RHSA-2019:0791) Important: java-1.7.0-openjdk security update
2019-04-22 13:42:43
(RHSA-2019:0774) Important: java-1.8.0-openjdk security and bug fix update
2019-04-17 14:49:38
osv
osv
openjdk-8 - security update
2019-05-29 00:00:00
openjdk-7 - security update
2019-05-10 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2019-08-07 23:35:00
Important: java-1.7.0-openjdk
2019-05-16 21:42:00
Important: java-11-amazon-corretto
2019-06-11 23:21:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker
2020-03-23 20:41:52
ubuntu
ubuntu
OpenJDK vulnerabilities
2019-05-13 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-05-23 00:00:00
Security update for java-11-openjdk (moderate)
2019-05-04 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-06-28 13:47:27
kaspersky
kaspersky
KLA11470 Multiple vulnerabilities in Oracle Java SE
2019-04-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0232
2019-05-09 00:00:00
f5
f5
K07519400 : Java SE vulnerabilities CVE-2019-2602, CVE-2019-2698, CVE-2019-2945, and CVE-2019-2962
2022-06-10 00:00:00
K11175903 : Oracle Java SE vulnerability CVE-2019-2684
2020-01-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-16 04:17:27
nvd
nvd
CVE-2019-2684
2019-04-23 19:32:55
cve
cve
CVE-2019-2684
2019-04-23 19:32:55
alpinelinux
alpinelinux
CVE-2019-2684
2019-04-23 19:32:55
prion
prion
Design/Logic Flaw
2019-04-23 19:32:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.021
Percentile
89.3%
Related for OPENVAS:1361412562310150649