Detections
Analytics
Fedora 14 : java-1.6.0-openjdk-1.6.0.0-44.1.9.1.fc14 (2010-16312)
critical Nessus Plugin ID 50007
Language:
Synopsis
The remote Fedora host is missing a security update.Description
- Bug #533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation- Bug #642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
- Bug #639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
- Bug #642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
- Bug #642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
- Bug #642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)
- Bug #639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672)
- Bug #639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)
- Bug #639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
- Bug #639914 - CVE-2010-3564 OpenJDK kerberos vulnerability (6958060)
- Bug #639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
- Bug #642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285)
- Bug #639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
- Bug #639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
- Bug #642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected java-1.6.0-openjdk package.See Also
https://bugzilla.redhat.com/show_bug.cgi?id=642197
https://bugzilla.redhat.com/show_bug.cgi?id=642202
https://bugzilla.redhat.com/show_bug.cgi?id=642215
http://www.nessus.org/u?6eb8d7c9
https://bugzilla.redhat.com/show_bug.cgi?id=533125
https://bugzilla.redhat.com/show_bug.cgi?id=639876
https://bugzilla.redhat.com/show_bug.cgi?id=639880
https://bugzilla.redhat.com/show_bug.cgi?id=639897
https://bugzilla.redhat.com/show_bug.cgi?id=639904
https://bugzilla.redhat.com/show_bug.cgi?id=639909
https://bugzilla.redhat.com/show_bug.cgi?id=639914
https://bugzilla.redhat.com/show_bug.cgi?id=639920
https://bugzilla.redhat.com/show_bug.cgi?id=639925
https://bugzilla.redhat.com/show_bug.cgi?id=642167
Plugin Details
Severity: Critical
ID: 50007
File Name: fedora_2010-16312.nasl
Version: 1.19
Type: local
Agent: unix
Family: Fedora Local Security Checks
Published: 10/18/2010
Updated: 1/11/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:fedoraproject:fedora:java-1.6.0-openjdk, cpe:/o:fedoraproject:fedora:14
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/14/2010
Vulnerability Publication Date: 11/9/2009
Reference Information
CVE: CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574
BID: 36935, 43963, 43979, 43985, 43992, 43994, 44009, 44011, 44012, 44013, 44014, 44016, 44017, 44027, 44028, 44032, 44035
CWE: 310
FEDORA: 2010-16312