Detections
Analytics
Scientific Linux Security Update : java-1.6.0-sun on SL5.x i386/x86_64 (20120904)
critical Nessus Plugin ID 62071
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability.Successful exploits can impact the availability, integrity, and confidentiality of the user's system.
In addition, this Security Alert includes a security-in-depth fix in the AWT subcomponent of the Java Runtime Environment.
Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 'in the wild,' we strongly recommend that you apply the updates as soon as possible.
Solution
Update the affected java-1.6.0-sun-compat and / or jdk packages.See Also
Plugin Details
Severity: Critical
ID: 62071
File Name: sl_20120904_java_1_6_0_sun_on_SL5_x.nasl
Version: 1.13
Type: local
Agent: unix
Published: 9/13/2012
Updated: 3/8/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:jdk, p-cpe:/a:fermilab:scientific_linux:java-1.6.0-sun-compat
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/4/2012
Vulnerability Publication Date: 8/28/2012
CISA Known Exploited Vulnerability Due Dates: 3/24/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Java 7 Applet Remote Code Execution)
Reference Information
CVE: CVE-2012-4681