 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.891914 |
| Category: | Debian Local Security Checks |
| Title: | Debian: Security Advisory (DLA-1914-1) |
| Summary: | The remote host is missing an update for the Debian 'icedtea-web' package(s) announced via the DLA-1914-1 advisory. |
| Description: | Summary: The remote host is missing an update for the Debian 'icedtea-web' package(s) announced via the DLA-1914-1 advisory. Vulnerability Insight: Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol (JNLP). CVE-2019-10181 It was found that in icedtea-web executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. CVE-2019-10182 It was found that icedtea-web did not properly sanitize paths from CVE-2019-10185 It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. For Debian 8 Jessie, these problems have been fixed in version 1.5.3-1+deb8u1. We recommend that you upgrade your icedtea-web packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'icedtea-web' package(s) on Debian 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-10181 20191007 CVE-2019-10181, CVE-2019-10182, CVE-2019-10185: IcedTea-Web vulnerabilities leading to RCE https://seclists.org/bugtraq/2019/Oct/5 GLSA-202107-51 https://security.gentoo.org/glsa/202107-51 [debian-lts-announce] 20190909 [SECURITY] [DLA 1914-1] icedtea-web security update https://lists.debian.org/debian-lts-announce/2019/09/msg00008.html http://packetstormsecurity.com/files/154748/IcedTeaWeb-Validation-Bypass-Directory-Traversal-Code-Execution.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10181 https://github.com/AdoptOpenJDK/IcedTea-Web/issues/327 https://github.com/AdoptOpenJDK/IcedTea-Web/pull/344 openSUSE-SU-2019:1911 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00045.html Common Vulnerability Exposure (CVE) ID: CVE-2019-10182 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10182 Common Vulnerability Exposure (CVE) ID: CVE-2019-10185 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10185 |
| Copyright | Copyright (C) 2019 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |