Lucene search
Copyright (C) 2015 Greenbone AGOPENVAS:1361412562310703381HistoryOct 26, 2015 - 12:00 a.m.
Debian: Security Advisory (DSA-3381-1)
2015-10-2600:00:00
Copyright (C) 2015 Greenbone AG
plugins.openvas.org
17
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
High
0.286 Low
EPSS
Percentile
96.9%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.703381");
script_cve_id("CVE-2015-4734", "CVE-2015-4803", "CVE-2015-4805", "CVE-2015-4806", "CVE-2015-4835", "CVE-2015-4840", "CVE-2015-4842", "CVE-2015-4843", "CVE-2015-4844", "CVE-2015-4860", "CVE-2015-4872", "CVE-2015-4881", "CVE-2015-4882", "CVE-2015-4883", "CVE-2015-4893", "CVE-2015-4903", "CVE-2015-4911");
script_tag(name:"creation_date", value:"2015-10-26 23:00:00 +0000 (Mon, 26 Oct 2015)");
script_version("2024-02-02T05:06:05+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian: Security Advisory (DSA-3381-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB7");
script_xref(name:"Advisory-ID", value:"DSA-3381-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2015/DSA-3381-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-3381");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openjdk-7' package(s) announced via the DSA-3381-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, or denial of service.
For the oldstable distribution (wheezy), these problems have been fixed in version 7u85-2.6.1-6~deb7u1.
For the stable distribution (jessie), these problems have been fixed in version 7u85-2.6.1-5~deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7u85-2.6.1-6.
We recommend that you upgrade your openjdk-7 packages.");
script_tag(name:"affected", value:"'openjdk-7' package(s) on Debian 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"icedtea-7-jre-cacao", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"icedtea-7-jre-jamvm", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-dbg", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-demo", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-doc", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jdk", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre-headless", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre-lib", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre-zero", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-source", ver:"7u85-2.6.1-6~deb7u1", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2015:1902-1)
2015-11-05 00:00:00
CentOS Update for java CESA-2015:1920 centos6
2015-10-22 00:00:00
openSUSE: Security Advisory for java-1_7_0-openjdk (openSUSE-SU-2015:1971-1)
2016-02-02 00:00:00
nessus
nessus
CentOS 5 : java-1.7.0-openjdk (CESA-2015:1921)
2015-10-22 00:00:00
SUSE SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1874-1)
2015-11-03 00:00:00
RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2015:1920)
2015-10-22 00:00:00
centos
centos
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:24:30
java security update
2015-11-18 19:46:16
redhat
redhat
(RHSA-2015:1920) Critical: java-1.7.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:1921) Important: java-1.7.0-openjdk security update
2015-10-21 00:00:00
(RHSA-2015:2086) Important: java-1.6.0-openjdk security update
2015-11-18 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:35:18
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:26
Security update for java-1_7_0-openjdk (important)
2015-11-12 14:18:13
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.8.0-openjdk security update
2015-10-21 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
veracode
veracode
Improper Certificate Validation
2019-05-02 05:19:33
Unspecified Vulnerability
2019-05-02 05:19:33
Denial Of Service
2019-05-02 05:19:33
amazon
amazon
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
debian
debian
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
archlinux
archlinux
jre7-openjdk-headless: multiple issues
2015-10-23 00:00:00
jre7-openjdk: multiple issues
2015-10-23 00:00:00
jdk7-openjdk: multiple issues
2015-10-23 00:00:00
ibm
ibm
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
kaspersky
kaspersky
KLA10683 Multiple vulnerabilities in Oracle Java SE
2015-10-20 00:00:00
freebsd
freebsd
java -- multiple vulnerabilities
2015-10-20 00:00:00
f5
f5
Multiple Java vulnerabilities
2015-11-26 18:23:00
SOL05200155 - Multiple Java vulnerabilities
2015-11-26 00:00:00
prion
prion
Design/Logic Flaw
2015-10-21 21:59:00
Design/Logic Flaw
2015-10-22 00:00:00
nvd
nvd
ubuntucve
ubuntucve
CVE-2015-4893
2015-10-21 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
High
0.286 Low
EPSS
Percentile
96.9%
Related for OPENVAS:1361412562310703381