Detections
Analytics

Alpine: openjdk7: security update to 7.-r0 (deprecated)

high Tenable Self-Hosted Container Security Plugin ID 401159

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote
 attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
 (CVE-2014-6513)

 - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and
 JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors
 related to JSSE. (CVE-2014-6457)

 - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60,
 allows remote attackers to affect integrity via unknown vectors related to Libraries. (CVE-2014-6502)

 - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows
 remote attackers to affect confidentiality via unknown vectors related to Hotspot. (CVE-2014-6504)

 - Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60,
 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
 to Libraries. (CVE-2014-6506)

See Also

https://git.alpinelinux.org/aports/commit/?id=21fd4c1bf76422ac45e3a23bf3a249e29b87e6a7

https://git.alpinelinux.org/aports/commit/?id=b5565a3acd01bbd182f7af75fb9985bb51c62217

Plugin Details

Severity: High

ID: 401159

Version: Revision 1.25

Type: Local

Published: 8/16/2023

Updated: 8/26/2024

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-6513

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2014-6558

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 10/16/2014

Vulnerability Publication Date: 10/14/2014

Reference Information

CVE: CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6513, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558

BID: 70538, 70533, 70564, 70556, 70548, 70567, 70569, 70552, 70570, 70572, 70544