Detections
Analytics
Mac OS X : Java for Mac OS X 10.5 Update 7
critical Nessus Plugin ID 46673
Language:
Synopsis
The remote host has a version of Java that is affected by multiple vulnerabilities.Description
The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 7.The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
Solution
Upgrade to Java for Mac OS X 10.5 Update 7 or later.See Also
http://support.apple.com/kb/HT4170
http://lists.apple.com/archives/security-announce/2010/May/msg00002.html
Plugin Details
Severity: Critical
ID: 46673
File Name: macosx_java_10_5_update7.nasl
Version: 1.24
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 5/19/2010
Updated: 11/27/2023
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2010-0887
Vulnerability Information
Required KB Items: Host/MacOSX/packages
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/18/2010
Vulnerability Publication Date: 5/18/2010
CISA Known Exploited Vulnerability Due Dates: 6/15/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Sun Java Web Start Plugin Command Line Argument Injection)
Reference Information
CVE: CVE-2009-3555, CVE-2009-3910, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0538, CVE-2010-0539, CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0886, CVE-2010-0887
BID: 36935, 39069, 39073, 39078, 40238, 40240
CWE: 310