Oracle Java SE Multiple Vulnerabilities (October 2012 CPU) (Unix)

critical Nessus Plugin ID 64849

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Unix host contains a programming platform that is affected by multiple vulnerabilities.

Description

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 9 / 6 Update 37 / 5.0 Update 38 / 1.4.2_40 and is, therefore, potentially affected by security issues in the following components :

 - 2D
 - Beans
 - Concurrency
 - Deployment
 - Hotspot
 - JAX-WS
 - JMX
 - JSSE
 - Libraries
 - Networking
 - Security
 - Swing

Solution

Update to JDK / JRE 7 Update 9 / 6 Update 37, JDK 5.0 Update 38, SDK 1.4.2_40 or later and remove, if necessary, any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain JDK 5 .0 Update 38 or later.

See Also

https://www.securityfocus.com/archive/1/524506/30/0/threaded

https://www.securityfocus.com/archive/1/524507/30/0/threaded

http://www.nessus.org/u?b0eb44d4

https://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html

https://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html

http://www.oracle.com/technetwork/java/eol-135779.html

Plugin Details

Severity: Critical

ID: 64849

File Name: oracle_java_cpu_oct_2012_unix.nasl

Version: 1.12

Type: local

Agent: unix

Family: Misc.

Published: 2/22/2013

Updated: 11/15/2018

Dependencies: sun_java_jre_installed_unix.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: Host/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/16/2012

Vulnerability Publication Date: 10/16/2012

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Java Applet Method Handle Remote Code Execution)

Reference Information

CVE: CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5078, CVE-2012-5079, CVE-2012-5080, CVE-2012-5081, CVE-2012-5082, CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089

BID: 55501, 56025, 56033, 56039, 56043, 56046, 56051, 56054, 56055, 56056, 56057, 56058, 56059, 56061, 56063, 56065, 56066, 56067, 56068, 56070, 56071, 56072, 56075, 56076, 56078, 56079, 56080, 56081, 56082, 56083