ID CVE-2013-1486
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
References
Vulnerable Configurations
  • Oracle JRE 1.7.0
    cpe:2.3:a:oracle:jre:1.7.0
  • Oracle JRE 1.7.0 update1
    cpe:2.3:a:oracle:jre:1.7.0:update1
  • Oracle JRE 1.7.0 update2
    cpe:2.3:a:oracle:jre:1.7.0:update2
  • Oracle JRE 1.7.0 update3
    cpe:2.3:a:oracle:jre:1.7.0:update3
  • Oracle JRE 1.7.0 Update 4
    cpe:2.3:a:oracle:jre:1.7.0:update4
  • Oracle JRE 1.7.0 Update 5
    cpe:2.3:a:oracle:jre:1.7.0:update5
  • Oracle JRE 1.7.0 Update 6
    cpe:2.3:a:oracle:jre:1.7.0:update6
  • Oracle JRE 1.7.0 Update 7
    cpe:2.3:a:oracle:jre:1.7.0:update7
  • Oracle JRE 1.7.0 Update 9
    cpe:2.3:a:oracle:jre:1.7.0:update9
  • Oracle JRE 1.7.0 Update 10
    cpe:2.3:a:oracle:jre:1.7.0:update10
  • Oracle JRE 1.7.0 Update 11
    cpe:2.3:a:oracle:jre:1.7.0:update11
  • Oracle JRE 1.7.0 Update 13
    cpe:2.3:a:oracle:jre:1.7.0:update13
  • Oracle JDK 1.7.0
    cpe:2.3:a:oracle:jdk:1.7.0
  • Oracle JDK 1.7.0 update1
    cpe:2.3:a:oracle:jdk:1.7.0:update1
  • Oracle JDK 1.7.0 update2
    cpe:2.3:a:oracle:jdk:1.7.0:update2
  • Oracle JDK 1.7.0 update3
    cpe:2.3:a:oracle:jdk:1.7.0:update3
  • Oracle JDK 1.7.0 Update 4
    cpe:2.3:a:oracle:jdk:1.7.0:update4
  • Oracle JDK 1.7.0 Update 5
    cpe:2.3:a:oracle:jdk:1.7.0:update5
  • Oracle JDK 1.7.0 Update 6
    cpe:2.3:a:oracle:jdk:1.7.0:update6
  • Oracle JDK 1.7.0 Update 7
    cpe:2.3:a:oracle:jdk:1.7.0:update7
  • Oracle JDK 1.7.0 Update 9
    cpe:2.3:a:oracle:jdk:1.7.0:update9
  • Oracle JDK 1.7.0 Update 10
    cpe:2.3:a:oracle:jdk:1.7.0:update10
  • Oracle JDK 1.7.0 Update 11
    cpe:2.3:a:oracle:jdk:1.7.0:update11
  • Oracle JDK 1.7.0 Update 13
    cpe:2.3:a:oracle:jdk:1.7.0:update13
  • Oracle JRE 1.6.0 Update 37
    cpe:2.3:a:oracle:jre:1.6.0:update_37
  • Oracle JRE 1.6.0 Update 35
    cpe:2.3:a:oracle:jre:1.6.0:update_35
  • Oracle JRE 1.6.0 Update 34
    cpe:2.3:a:oracle:jre:1.6.0:update_34
  • Oracle JRE 1.6.0 Update 33
    cpe:2.3:a:oracle:jre:1.6.0:update_33
  • Oracle JRE 1.6.0 Update 32
    cpe:2.3:a:oracle:jre:1.6.0:update_32
  • Oracle JRE 1.6.0 Update 31
    cpe:2.3:a:oracle:jre:1.6.0:update_31
  • Oracle JRE 1.6.0 Update 30
    cpe:2.3:a:oracle:jre:1.6.0:update_30
  • Oracle JRE 1.6.0 Update 29
    cpe:2.3:a:oracle:jre:1.6.0:update_29
  • Oracle JRE 1.6.0 Update 27
    cpe:2.3:a:oracle:jre:1.6.0:update_27
  • Oracle JRE 1.6.0 Update 26
    cpe:2.3:a:oracle:jre:1.6.0:update_26
  • Oracle JRE 1.6.0 Update 25
    cpe:2.3:a:oracle:jre:1.6.0:update_25
  • Oracle JRE 1.6.0 Update 24
    cpe:2.3:a:oracle:jre:1.6.0:update_24
  • Oracle JRE 1.6.0 Update 23
    cpe:2.3:a:oracle:jre:1.6.0:update_23
  • Oracle JRE 1.6.0 Update 22
    cpe:2.3:a:oracle:jre:1.6.0:update_22
  • Sun JRE 1.6.0 Update 21
    cpe:2.3:a:sun:jre:1.6.0:update_21
  • Sun JRE 1.6.0 Update 20
    cpe:2.3:a:sun:jre:1.6.0:update_20
  • Sun JRE 1.6.0 Update 19
    cpe:2.3:a:sun:jre:1.6.0:update_19
  • Sun JRE 1.6.0 Update 18
    cpe:2.3:a:sun:jre:1.6.0:update_18
  • Sun JRE 1.6.0 Update 17
    cpe:2.3:a:sun:jre:1.6.0:update_17
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 9
    cpe:2.3:a:sun:jre:1.6.0:update_9
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0
    cpe:2.3:a:sun:jre:1.6.0
  • Oracle JRE 1.6.0 Update 39
    cpe:2.3:a:oracle:jre:1.6.0:update_39
  • Oracle JRE 1.6.0 Update 38
    cpe:2.3:a:oracle:jre:1.6.0:update_38
  • Oracle JDK 1.6.0 Update 37
    cpe:2.3:a:oracle:jdk:1.6.0:update_37
  • Oracle JDK 1.6.0 Update 35
    cpe:2.3:a:oracle:jdk:1.6.0:update_35
  • Oracle JDK 1.6.0 Update 34
    cpe:2.3:a:oracle:jdk:1.6.0:update_34
  • Oracle JDK 1.6.0 Update 33
    cpe:2.3:a:oracle:jdk:1.6.0:update_33
  • Oracle JDK 1.6.0 Update 32
    cpe:2.3:a:oracle:jdk:1.6.0:update_32
  • Oracle JDK 1.6.0 Update 31
    cpe:2.3:a:oracle:jdk:1.6.0:update_31
  • Oracle JDK 1.6.0 Update 30
    cpe:2.3:a:oracle:jdk:1.6.0:update_30
  • Oracle JDK 1.6.0 Update 29
    cpe:2.3:a:oracle:jdk:1.6.0:update_29
  • Oracle JDK 1.6.0 Update 27
    cpe:2.3:a:oracle:jdk:1.6.0:update_27
  • Oracle JDK 1.6.0 Update 26
    cpe:2.3:a:oracle:jdk:1.6.0:update_26
  • Oracle JDK 1.6.0 Update 25
    cpe:2.3:a:oracle:jdk:1.6.0:update_25
  • Oracle JDK 1.6.0 Update 24
    cpe:2.3:a:oracle:jdk:1.6.0:update_24
  • Oracle JDK 1.6.0 Update 23
    cpe:2.3:a:oracle:jdk:1.6.0:update_23
  • Oracle JDK 1.6.0 Update 22
    cpe:2.3:a:oracle:jdk:1.6.0:update_22
  • Sun JDK 1.6.0 Update 21
    cpe:2.3:a:sun:jdk:1.6.0:update_21
  • Sun JDK 1.6.0 Update 20
    cpe:2.3:a:sun:jdk:1.6.0:update_20
  • Sun JDK 1.6.0 Update 19
    cpe:2.3:a:sun:jdk:1.6.0:update_19
  • Sun JDK 1.6.0 Update 18
    cpe:2.3:a:sun:jdk:1.6.0:update_18
  • Sun JDK 1.6.0 Update 17
    cpe:2.3:a:sun:jdk:1.6.0:update_17
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JDK 6 Update 1
    cpe:2.3:a:sun:jdk:1.6.0:update1
  • Sun JDK 1.6.0
    cpe:2.3:a:sun:jdk:1.6.0
  • Oracle JDK 1.6.0 Update 38
    cpe:2.3:a:oracle:jdk:1.6.0:update_38
  • Oracle JDK 1.6.0 Update 39
    cpe:2.3:a:oracle:jdk:1.6.0:update_39
  • Oracle JRE 1.5.0_36 (JRE 5.0 Update 36)
    cpe:2.3:a:oracle:jre:1.5.0:update_36
  • Sun JRE 1.5.0_33 (JRE 5.0 Update 33)
    cpe:2.3:a:sun:jre:1.5.0:update33
  • Sun JRE 1.5.0_31 (JRE 5.0 Update 31)
    cpe:2.3:a:sun:jre:1.5.0:update31
  • Sun JRE 1.5.0_29 (JRE 5.0 Update 29)
    cpe:2.3:a:sun:jre:1.5.0:update29
  • Sun JRE 1.5.0_28 (JRE 5.0 Update 28)
    cpe:2.3:a:sun:jre:1.5.0:update28
  • Sun JRE 1.5.0_27 (JRE 5.0 Update 27)
    cpe:2.3:a:sun:jre:1.5.0:update27
  • Sun JRE 1.5.0_26 (JRE 5.0 Update 26)
    cpe:2.3:a:sun:jre:1.5.0:update26
  • Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
    cpe:2.3:a:sun:jre:1.5.0:update25
  • Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
    cpe:2.3:a:sun:jre:1.5.0:update24
  • Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
    cpe:2.3:a:sun:jre:1.5.0:update23
  • Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
    cpe:2.3:a:sun:jre:1.5.0:update22
  • Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
    cpe:2.3:a:sun:jre:1.5.0:update21
  • Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
    cpe:2.3:a:sun:jre:1.5.0:update20
  • Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
    cpe:2.3:a:sun:jre:1.5.0:update19
  • Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
    cpe:2.3:a:sun:jre:1.5.0:update18
  • Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
    cpe:2.3:a:sun:jre:1.5.0:update17
  • Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
    cpe:2.3:a:sun:jre:1.5.0:update16
  • Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
    cpe:2.3:a:sun:jre:1.5.0:update15
  • Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
    cpe:2.3:a:sun:jre:1.5.0:update14
  • Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
    cpe:2.3:a:sun:jre:1.5.0:update13
  • Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
    cpe:2.3:a:sun:jre:1.5.0:update12
  • Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
    cpe:2.3:a:sun:jre:1.5.0:update11
  • Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
    cpe:2.3:a:sun:jre:1.5.0:update10
  • Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
    cpe:2.3:a:sun:jre:1.5.0:update9
  • Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
    cpe:2.3:a:sun:jre:1.5.0:update8
  • Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
    cpe:2.3:a:sun:jre:1.5.0:update7
  • Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
    cpe:2.3:a:sun:jre:1.5.0:update6
  • Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
    cpe:2.3:a:sun:jre:1.5.0:update5
  • Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
    cpe:2.3:a:sun:jre:1.5.0:update4
  • Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
    cpe:2.3:a:sun:jre:1.5.0:update3
  • Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
    cpe:2.3:a:sun:jre:1.5.0:update2
  • Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
    cpe:2.3:a:sun:jre:1.5.0:update1
  • Sun JRE 1.5.0
    cpe:2.3:a:sun:jre:1.5.0
  • Oracle JRE 1.5.0_38 (Update 38)
    cpe:2.3:a:oracle:jre:1.5.0:update_38
  • Oracle JRE 1.5.0_39 (Update 39)
    cpe:2.3:a:oracle:jre:1.5.0:update_39
  • Oracle JDK 1.5.0 Update 36
    cpe:2.3:a:oracle:jdk:1.5.0:update_36
  • Sun JDK 1.5.0_33 (JDK 5.0 Update 33)
    cpe:2.3:a:sun:jdk:1.5.0:update33
  • Sun JDK 5.0 Update 31
    cpe:2.3:a:sun:jdk:1.5.0:update31
  • Sun JDK 5.0 Update 29
    cpe:2.3:a:sun:jdk:1.5.0:update29
  • Sun JDK 5.0 Update 28
    cpe:2.3:a:sun:jdk:1.5.0:update28
  • Sun JDK 5.0 Update 27
    cpe:2.3:a:sun:jdk:1.5.0:update27
  • Sun JDK 5.0 Update 26
    cpe:2.3:a:sun:jdk:1.5.0:update26
  • Sun JDK 5.0 Update 25
    cpe:2.3:a:sun:jdk:1.5.0:update25
  • Sun JDK 5.0 Update 24
    cpe:2.3:a:sun:jdk:1.5.0:update24
  • Sun JDK 5.0 Update 23
    cpe:2.3:a:sun:jdk:1.5.0:update23
  • Sun JDK 5.0 Update 22
    cpe:2.3:a:sun:jdk:1.5.0:update22
  • Sun JDK 5.0 Update 21
    cpe:2.3:a:sun:jdk:1.5.0:update21
  • Sun JDK 5.0 Update 20
    cpe:2.3:a:sun:jdk:1.5.0:update20
  • Sun JDK 5.0 Update 19
    cpe:2.3:a:sun:jdk:1.5.0:update19
  • Sun JDK 5.0 Update 18
    cpe:2.3:a:sun:jdk:1.5.0:update18
  • Sun JDK 5.0 Update 17
    cpe:2.3:a:sun:jdk:1.5.0:update17
  • Sun JDK 5.0 Update 16
    cpe:2.3:a:sun:jdk:1.5.0:update16
  • Sun JDK 5.0 Update 15
    cpe:2.3:a:sun:jdk:1.5.0:update15
  • Sun JDK 5.0 Update 14
    cpe:2.3:a:sun:jdk:1.5.0:update14
  • Sun JDK 5.0 Update 13
    cpe:2.3:a:sun:jdk:1.5.0:update13
  • Sun JDK 5.0 Update12
    cpe:2.3:a:sun:jdk:1.5.0:update12
  • Sun JDK 1.5.0_11 b03
    cpe:2.3:a:sun:jdk:1.5.0:update11_b03
  • Sun JDK 5.0 Update11
    cpe:2.3:a:sun:jdk:1.5.0:update11
  • Sun JDK 5.0 Update10
    cpe:2.3:a:sun:jdk:1.5.0:update10
  • Sun JDK 5.0 Update9
    cpe:2.3:a:sun:jdk:1.5.0:update9
  • Sun JDK 5.0 Update8
    cpe:2.3:a:sun:jdk:1.5.0:update8
  • Sun JDK 1.5 _07-b03
    cpe:2.3:a:sun:jdk:1.5.0:update7_b03
  • Sun JDK 5.0 Update7
    cpe:2.3:a:sun:jdk:1.5.0:update7
  • Sun JDK 1.5.0_6
    cpe:2.3:a:sun:jdk:1.5.0:update6
  • Sun JDK 5.0 Update5
    cpe:2.3:a:sun:jdk:1.5.0:update5
  • Sun JDK 5.0 Update4
    cpe:2.3:a:sun:jdk:1.5.0:update4
  • Sun JDK 5.0 Update3
    cpe:2.3:a:sun:jdk:1.5.0:update3
  • Sun JDK 5.0 Update2
    cpe:2.3:a:sun:jdk:1.5.0:update2
  • Sun JDK 5.0 Update1
    cpe:2.3:a:sun:jdk:1.5.0:update1
  • Sun JDK 1.5.0
    cpe:2.3:a:sun:jdk:1.5.0
  • Oracle JDK 1.5.0 Update 38
    cpe:2.3:a:oracle:jdk:1.5.0:update_38
  • Oracle JDK 1.5.0 Update 39
    cpe:2.3:a:oracle:jdk:1.5.0:update_39
CVSS
Base: 10.0 (as of 21-02-2013 - 09:10)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-095.NASL
    description Updated java-1.7.0-openjdk packages fix security vulnerabilities : Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444). Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges (CVE-2013-1478, CVE-2013-1480). A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions (CVE-2013-0432). The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted (CVE-2013-0435). Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434). It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack (CVE-2013-0424). It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake (CVE-2013-0440). It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack (CVE-2013-0443). Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486, CVE-2013-1484). An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485). It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-0169). An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-0809). It was discovered that the 2D component did not properly reject certain malformed images. Specially crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-1493).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66107
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66107
    title Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0275.NASL
    description Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64731
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64731
    title CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0275)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-03
    plugin id 72139
    published 2014-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72139
    title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_FEB_2013_1_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components : - Deployment - JMX - JSSE - Libraries
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64851
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64851
    title Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0275.NASL
    description Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64748
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64748
    title RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0275)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0532.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 64775
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64775
    title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0532)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_FEB_2013_1.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 15, 6 Update 41, 5 Update 40 or 1.4.2 Update 42. It is, therefore, potentially affected by security issues in the following components : - Deployment - JMX - JSSE - Libraries
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64790
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64790
    title Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1735-1.NASL
    description Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the 'Lucky Thirteen' issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-1484) A data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-1485) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64801
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64801
    title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0275.NASL
    description From Red Hat Security Advisory 2013:0275 : Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68736
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68736
    title Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0275)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1455.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78975
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78975
    title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-32.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-32 (IcedTea JDK: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 76303
    published 2014-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76303
    title GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_6_UPDATE13.NASL
    description The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 13, which updates the Java version to 1.6.0_41. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 64699
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64699
    title Mac OS X : Java for Mac OS X 10.6 Update 13
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0626.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1541, CVE-2012-3174, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 65204
    published 2013-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65204
    title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0626)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-IBM-130306.NASL
    description IBM Java 7 was updated to SR4, fixing various critical security issues and bugs. Please see the IBM JDK Alert page for more information : http://www.ibm.com/developerworks/java/jdk/alerts/ Security issues fixed : - / CVE-2012-3174. (CVE-2013-1487 / CVE-2013-1486 / CVE-2013-1478 / CVE-2013-0445 / CVE-2013-1480 / CVE-2013-0441 / CVE-2013-1476 / CVE-2012-1541 / CVE-2013-0446 / CVE-2012-3342 / CVE-2013-0442 / CVE-2013-0450 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2012-3213 / CVE-2013-0419 / CVE-2013-0423 / CVE-2013-0351 / CVE-2013-0432 / CVE-2013-1473 / CVE-2013-0435 / CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 / CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440 / CVE-2013-0438 / CVE-2013-0443 / CVE-2013-1484 / CVE-2013-1485 / CVE-2013-0437 / CVE-2013-0444 / CVE-2013-0449 / CVE-2013-0431 / CVE-2013-0422)
    last seen 2019-02-21
    modified 2013-11-18
    plugin id 65246
    published 2013-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65246
    title SuSE 11.2 Security Update : Java (SAT Patch Number 7454)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0274.NASL
    description Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64896
    published 2013-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64896
    title CentOS 5 : java-1.6.0-openjdk (CESA-2013:0274)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0273.NASL
    description Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64746
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64746
    title RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0273)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-163.NASL
    description An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69722
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69722
    title Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-014.NASL
    description Multiple security issues were identified and fixed in OpenJDK (icedtea6) : - S8006446: Restrict MBeanServer access - S8006777: Improve TLS handling of invalid messages - S8007688: Blacklist known bad certificate - S7123519: problems with certification path - S8007393: Possible race condition after JDK-6664509 - S8007611: logging behavior in applet changed The updated packages provides icedtea6-1.11.8 which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64861
    published 2013-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64861
    title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:014)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1456.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78976
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78976
    title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0274.NASL
    description From Red Hat Security Advisory 2013:0274 : Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68735
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68735
    title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0274)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0273.NASL
    description Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64730
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64730
    title CentOS 6 : java-1.6.0-openjdk (CESA-2013:0273)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0274.NASL
    description Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64747
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64747
    title RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0274)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-164.NASL
    description java-1_6_0-openjdk was updated to IcedTea 1.12.3 (bnc#804654) containing security and bugfixes : - Security fixes - S8006446: Restrict MBeanServer access (CVE-2013-1486) - S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) - S8007688: Blacklist known bad certificate (issued by DigiCert) - Backports - S8007393: Possible race condition after JDK-6664509 - S8007611: logging behavior in applet changed - Bug fixes - PR1319: Support GIF lib v5.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74906
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74906
    title openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0375-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-OPENJDK-130221.NASL
    description java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes : - Security fixes - S8006446: Restrict MBeanServer access. (CVE-2013-1486) - S8006777: Improve TLS handling of invalid messages Lucky 13. (CVE-2013-0169) - S8007688: Blacklist known bad certificate (issued by DigiCert) - Backports - S8007393: Possible race condition after JDK-6664509 - S8007611: logging behavior in applet changed - Bug fixes - PR1319: Support GIF lib v5.
    last seen 2019-02-21
    modified 2014-04-12
    plugin id 64863
    published 2013-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64863
    title SuSE 11.2 Security Update : Java (SAT Patch Number 7385)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-130312.NASL
    description IBM Java 6 has been updated to SR13 which fixes various critical security issues and bugs. Please see the IBM JDK Alert page for more information : http://www.ibm.com/developerworks/java/jdk/alerts/ Security issues fixed : - / CVE-2013-0443. (CVE-2013-1487 / CVE-2013-1486 / CVE-2013-1478 / CVE-2013-0445 / CVE-2013-1480 / CVE-2013-0441 / CVE-2013-1476 / CVE-2012-1541 / CVE-2013-0446 / CVE-2012-3342 / CVE-2013-0442 / CVE-2013-0450 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2012-3213 / CVE-2013-1481 / CVE-2013-0419 / CVE-2013-0423 / CVE-2013-0351 / CVE-2013-0432 / CVE-2013-1473 / CVE-2013-0435 / CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 / CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440 / CVE-2013-0438)
    last seen 2019-02-21
    modified 2018-08-20
    plugin id 65597
    published 2013-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65597
    title SuSE 11.2 Security Update : Java (SAT Patch Number 7481)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0625.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 65203
    published 2013-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65203
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0625)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0624.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 65202
    published 2013-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65202
    title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_6_0-IBM-8495.NASL
    description IBM Java 6 has been updated to SR13 which fixes various critical security issues and bugs. Please see the IBM JDK Alert page for more information : http://www.ibm.com/developerworks/java/jdk/alerts/ Security issues fixed : - / CVE-2013-0443. (CVE-2013-1487 / CVE-2013-1486 / CVE-2013-1478 / CVE-2013-0445 / CVE-2013-1480 / CVE-2013-0441 / CVE-2013-1476 / CVE-2012-1541 / CVE-2013-0446 / CVE-2012-3342 / CVE-2013-0442 / CVE-2013-0450 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2012-3213 / CVE-2013-1481 / CVE-2013-0419 / CVE-2013-0423 / CVE-2013-0351 / CVE-2013-0432 / CVE-2013-1473 / CVE-2013-0435 / CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 / CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440 / CVE-2013-0438)
    last seen 2019-02-21
    modified 2018-08-20
    plugin id 65570
    published 2013-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65570
    title SuSE 10 Security Update : Java (ZYPP Patch Number 8495)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_2013-001.NASL
    description The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2013-001 update, which updates the Java version to 1.6.0_41. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 64700
    published 2013-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64700
    title Mac OS X : Java for OS X 2013-001
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0273.NASL
    description From Red Hat Security Advisory 2013:0273 : Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2013-1486) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169) Note: If the web browser plug-in provided by the icedtea-web package was installed, CVE-2013-1486 could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68734
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68734
    title Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0273)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0531.NASL
    description Updated java-1.6.0-sun packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0169, CVE-2013-1486, CVE-2013-1487) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 64774
    published 2013-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64774
    title RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0531)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-162.NASL
    description Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486 , CVE-2013-1484) An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485) It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69721
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69721
    title Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-8483.NASL
    description IBM Java 5 has been updated to SR16 which fixes various critical security issues and bugs. Please see the IBM JDK Alert page for more information : http://www.ibm.com/developerworks/java/jdk/alerts/ Security issues fixed : - / CVE-2013-0443. (CVE-2013-1486 / CVE-2013-1478 / CVE-2013-0445 / CVE-2013-1480 / CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 / CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 / CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 65599
    published 2013-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65599
    title SuSE 10 Security Update : Java (ZYPP Patch Number 8483)
oval via4
  • accepted 2015-04-20T04:01:14.186-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
    family unix
    id oval:org.mitre.oval:def:19402
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version 46
  • accepted 2015-04-20T04:01:20.188-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
    family unix
    id oval:org.mitre.oval:def:19469
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version 44
redhat via4
advisories
  • bugzilla
    id 913014
    title CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.56.1.11.8.el6_3
          oval oval:com.redhat.rhsa:tst:20130273005
        • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865006
      • AND
        • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.56.1.11.8.el6_3
          oval oval:com.redhat.rhsa:tst:20130273011
        • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865010
      • AND
        • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.56.1.11.8.el6_3
          oval oval:com.redhat.rhsa:tst:20130273013
        • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865008
      • AND
        • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.56.1.11.8.el6_3
          oval oval:com.redhat.rhsa:tst:20130273007
        • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865014
      • AND
        • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.56.1.11.8.el6_3
          oval oval:com.redhat.rhsa:tst:20130273009
        • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865012
    rhsa
    id RHSA-2013:0273
    released 2013-02-20
    severity Critical
    title RHSA-2013:0273: java-1.6.0-openjdk security update (Critical)
  • bugzilla
    id 913014
    title CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.35.1.11.8.el5_9
          oval oval:com.redhat.rhsa:tst:20130274002
        • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377003
      • AND
        • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.35.1.11.8.el5_9
          oval oval:com.redhat.rhsa:tst:20130274004
        • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377011
      • AND
        • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.35.1.11.8.el5_9
          oval oval:com.redhat.rhsa:tst:20130274006
        • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377005
      • AND
        • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.35.1.11.8.el5_9
          oval oval:com.redhat.rhsa:tst:20130274010
        • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377007
      • AND
        • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.35.1.11.8.el5_9
          oval oval:com.redhat.rhsa:tst:20130274008
        • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377009
    rhsa
    id RHSA-2013:0274
    released 2013-02-20
    severity Important
    title RHSA-2013:0274: java-1.6.0-openjdk security update (Important)
  • bugzilla
    id 913025
    title CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.7.1.el6_3
            oval oval:com.redhat.rhsa:tst:20130275005
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.7.1.el6_3
            oval oval:com.redhat.rhsa:tst:20130275013
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.7.1.el6_3
            oval oval:com.redhat.rhsa:tst:20130275007
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.7.1.el6_3
            oval oval:com.redhat.rhsa:tst:20130275011
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.7.1.el6_3
            oval oval:com.redhat.rhsa:tst:20130275009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.7.1.el5_9
            oval oval:com.redhat.rhsa:tst:20130275016
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165017
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.7.1.el5_9
            oval oval:com.redhat.rhsa:tst:20130275020
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165025
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.7.1.el5_9
            oval oval:com.redhat.rhsa:tst:20130275022
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165023
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.7.1.el5_9
            oval oval:com.redhat.rhsa:tst:20130275024
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165021
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.7.1.el5_9
            oval oval:com.redhat.rhsa:tst:20130275018
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165019
    rhsa
    id RHSA-2013:0275
    released 2013-02-20
    severity Important
    title RHSA-2013:0275: java-1.7.0-openjdk security update (Important)
  • rhsa
    id RHSA-2013:1455
  • rhsa
    id RHSA-2013:1456
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.56.1.11.8.el6_3
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.56.1.11.8.el6_3
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.56.1.11.8.el6_3
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.56.1.11.8.el6_3
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.56.1.11.8.el6_3
  • java-1.6.0-openjdk-1:1.6.0.0-1.35.1.11.8.el5_9
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.35.1.11.8.el5_9
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.35.1.11.8.el5_9
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.35.1.11.8.el5_9
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.35.1.11.8.el5_9
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.7.1.el5_9
refmap via4
bid 58029
cert TA13-051A
confirm
gentoo GLSA-201406-32
hp
  • HPSBMU02874
  • HPSBUX02857
  • SSRT101103
  • SSRT101184
mandriva MDVSA-2013:095
misc http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
suse
  • SUSE-SU-2013:0328
  • openSUSE-SU-2013:0375
  • openSUSE-SU-2013:0378
ubuntu USN-1735-1
Last major update 04-10-2014 - 01:04
Published 20-02-2013 - 16:55
Last modified 18-09-2017 - 21:36
Back to Top