Lucene search
Copyright (C) 2019 Greenbone AGOPENVAS:1361412562310891782HistoryMay 11, 2019 - 12:00 a.m.
Debian: Security Advisory (DLA-1782-1)
2019-05-1100:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org
74
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0.021
Percentile
89.3%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.891782");
script_cve_id("CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2698");
script_tag(name:"creation_date", value:"2019-05-11 02:00:08 +0000 (Sat, 11 May 2019)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-04-25 18:12:29 +0000 (Thu, 25 Apr 2019)");
script_name("Debian: Security Advisory (DLA-1782-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB8");
script_xref(name:"Advisory-ID", value:"DLA-1782-1");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2019/DLA-1782-1");
script_xref(name:"URL", value:"https://wiki.debian.org/LTS");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openjdk-7' package(s) announced via the DLA-1782-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, information disclosure or the execution of arbitrary code.
For Debian 8 Jessie, these problems have been fixed in version 7u221-2.6.18-1~deb8u1.
We recommend that you upgrade your openjdk-7 packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]");
script_tag(name:"affected", value:"'openjdk-7' package(s) on Debian 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB8") {
if(!isnull(res = isdpkgvuln(pkg:"icedtea-7-jre-jamvm", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-dbg", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-demo", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-doc", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jdk", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre-headless", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre-lib", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-jre-zero", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openjdk-7-source", ver:"7u221-2.6.18-1~deb8u1", rls:"DEB8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
NewStart CGSL MAIN 4.05 : java-1.7.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0154)
2019-08-12 00:00:00
CentOS 6 : java-1.7.0-openjdk (CESA-2019:0790)
2019-04-24 00:00:00
Debian DSA-4453-1 : openjdk-8 - security update
2019-05-31 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2019-07-30 00:00:00
java-1.8.0-openjdk security and bug fix update
2019-04-17 00:00:00
java-1.7.0-openjdk security update
2019-04-22 00:00:00
debian
debian
[SECURITY] [DLA 1782-1] openjdk-7 security update
2019-05-10 16:39:02
[SECURITY] [DSA 4453-1] openjdk-8 security update
2019-05-29 21:15:56
centos
centos
java security update
2019-04-22 22:47:39
java security update
2019-04-22 22:45:55
java security update
2019-04-19 18:51:58
openvas
openvas
CentOS Update for java CESA-2019:0790 centos6
2019-04-24 00:00:00
CentOS Update for java CESA-2019:0791 centos7
2019-04-24 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-05-08 00:38:09
redhat
redhat
(RHSA-2019:0790) Important: java-1.7.0-openjdk security update
2019-04-22 13:42:30
(RHSA-2019:0791) Important: java-1.7.0-openjdk security update
2019-04-22 13:42:43
(RHSA-2019:0774) Important: java-1.8.0-openjdk security and bug fix update
2019-04-17 14:49:38
osv
osv
openjdk-8 - security update
2019-05-29 00:00:00
openjdk-7 - security update
2019-05-10 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2019-08-07 23:35:00
Important: java-1.7.0-openjdk
2019-05-16 21:42:00
Important: java-11-amazon-corretto
2019-06-11 23:21:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker
2020-03-23 20:41:52
ubuntu
ubuntu
OpenJDK vulnerabilities
2019-05-13 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2019-05-23 00:00:00
Security update for java-11-openjdk (moderate)
2019-05-04 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-06-28 13:47:27
kaspersky
kaspersky
KLA11470 Multiple vulnerabilities in Oracle Java SE
2019-04-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0232
2019-05-09 00:00:00
f5
f5
K07519400 : Java SE vulnerabilities CVE-2019-2602, CVE-2019-2698, CVE-2019-2945, and CVE-2019-2962
2022-06-10 00:00:00
K11175903 : Oracle Java SE vulnerability CVE-2019-2684
2020-01-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-16 04:17:27
nvd
nvd
CVE-2019-2684
2019-04-23 19:32:55
cve
cve
CVE-2019-2684
2019-04-23 19:32:55
alpinelinux
alpinelinux
CVE-2019-2684
2019-04-23 19:32:55
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0.021
Percentile
89.3%
Related for OPENVAS:1361412562310891782