The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1384 advisory.

  - HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) (CVE-2011-3389)

  - Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) (CVE-2011-3516, CVE-2011-3546,     CVE-2011-3561)

  - OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) (CVE-2011-3521)

  - OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) (CVE-2011-3544)

  - Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) (CVE-2011-3545)

  - OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) (CVE-2011-3547)

  - OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) (CVE-2011-3548)

  - Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) (CVE-2011-3549)

  - Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) (CVE-2011-3550)

  - OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) (CVE-2011-3551)

  - OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) (CVE-2011-3552)

  - OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) (CVE-2011-3553)

  - OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) (CVE-2011-3554)

  - OpenJDK: RMI DGC server remote code execution (RMI, 7077466) (CVE-2011-3556)

  - OpenJDK: RMI registry privileged code execution (RMI, 7083012) (CVE-2011-3557)

  - OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) (CVE-2011-3558)

  - OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) (CVE-2011-3560)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 5 / 6 : java-1.6.0-sun (RHSA-2011:1384)

high Nessus Plugin ID 56560

Version 1.38

Version 1.37

Version 1.38 Apr 27, 2024, 10:42 PM CVE (set "CVE" coverage to "CVE-2011-3389,CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550,CVE-2011-3551,CVE-2011-3552,CVE-2011-3553,CVE-2011-3554,CVE-2011-3556,CVE-2011-3557,CVE-2011-3558,CVE-2011-3560,CVE-2011-3561") CVSS metrics ("CVSSv3 score" set to 7.5) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv3 score source (set to "CVE-2011-3389") Detection (updated detection logic) Exploit attributes ("Exploit framework canvas" changed from "True" to none) Exploit attributes ("Exploit framework core" changed from "True" to none) Exploit attributes ("Exploit framework metasploit" changed from "True" to none) Exploit attributes ("Exploited by malware" changed from "True" to none) Plugin metadata Reference Plugin Feed: 202404272242
Version 1.37 Dec 6, 2022, 1:01 AM Reference Plugin Feed: 202212060101