Detections
Analytics
Mac OS X : Java for Mac OS X 10.6 Update 10
info Nessus Plugin ID 61997
Language:
Synopsis
The remote host has a version of Java that contains methods that can aid in further attacks.Description
The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 10, which updates the Java version to 1.6.0_35. As such, it potentially contains two methods that do not properly restrict access to information about other classes. Specifically, the 'getField' and 'getMethod' methods in the 'sun.awt.SunToolkit' class provided by the bundled SunToolKit can be used to obtain any field or method of a class - even private fields and methods.Please note this issue is not directly exploitable, rather it can aid in attacks against other, directly exploitable vulnerabilities, such as that found in CVE-2012-4681.
Solution
Upgrade to Java for Mac OS X 10.6 Update 10, which includes version 13.8.3 of the JavaVM Framework.See Also
http://www.nessus.org/u?00370937
http://support.apple.com/kb/HT5473
http://lists.apple.com/archives/security-announce/2012/Sep/msg00000.html
Plugin Details
Severity: Info
ID: 61997
File Name: macosx_java_10_6_update10.nasl
Version: 1.15
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/6/2012
Updated: 11/27/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 0.8
CVSS v2
Risk Factor: Info
Base Score: 0
Temporal Score: 0
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:N
CVSS Score Source: CVE-1999-0547
CVSS v3
Risk Factor: Info
Base Score: 0
Temporal Score: 0
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apple:java_1.6
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/5/2012
Vulnerability Publication Date: 8/10/2012
Reference Information
CVE: CVE-2012-0547
BID: 55339