ID CVE-2013-4041
Summary Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors.
References
Vulnerable Configurations
  • IBM Java 6.0.0.0
    cpe:2.3:a:ibm:java:6.0.0.0
  • IBM Java 6.0.1.0 Service Refresh 1
    cpe:2.3:a:ibm:java:6.0.1.0
  • IBM Java 7.0.0.0
    cpe:2.3:a:ibm:java:7.0.0.0
  • IBM Java 5.0.0.0
    cpe:2.3:a:ibm:java:5.0.0.0
CVSS
Base: 6.8 (as of 26-11-2013 - 10:19)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Windows
    NASL id LOTUS_NOTES_9_0_1_FP1.NASL
    description The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 73970
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73970
    title IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2013-1669-1.NASL
    description IBM Java 5 SR16-FP4 has been released which fixes lots of bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2013-4041, CVE-2013-5375, CVE-2013-5372, CVE-2013-5843, CVE-2013-5830, CVE-2013-5829, CVE-2013-5842, CVE-2013-5782, CVE-2013-5817, CVE-2013-5809, CVE-2013-5814, CVE-2013-5802, CVE-2013-5804, CVE-2013-5783, CVE-2013-3829, CVE-2013-4002, CVE-2013-5774, CVE-2013-5825, CVE-2013-5840, CVE-2013-5801, CVE-2013-5778, CVE-2013-5849, CVE-2013-5790, CVE-2013-5780, CVE-2013-5797, CVE-2013-5803 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83601
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83601
    title SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2013:1669-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1509.NASL
    description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5849) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP4 release. All running instances of IBM Java must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 70793
    published 2013-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70793
    title RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:1509)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-IBM-131119.NASL
    description IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2013-11-21
    plugin id 71020
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71020
    title SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1793.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5 and 5.6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5 and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) Users of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR15 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78984
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78984
    title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1793)
  • NASL family Windows
    NASL id LOTUS_DOMINO_9_0_1_FP1.NASL
    description The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 73969
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73969
    title IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1507.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 70791
    published 2013-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70791
    title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-131114.NASL
    description IBM Java 6 SR15 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2013-11-19
    plugin id 70960
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70960
    title SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550)
  • NASL family Misc.
    NASL id DOMINO_9_0_1_FP1.NASL
    description According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation, which could aid remote attackers in executing arbitrary code. Note that this issue only affects installs on 32-bit hosts running Linux. (CVE-2014-0892) - Note that the fixes in the Oracle Java CPUs for October 2013 and January 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-0408, CVE-2013-3829, CVE-2013-4002, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0892)
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 73968
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73968
    title IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1508.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR15 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 70792
    published 2013-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70792
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1508)
redhat via4
advisories
  • rhsa
    id RHSA-2013:1507
  • rhsa
    id RHSA-2013:1508
  • rhsa
    id RHSA-2013:1509
  • rhsa
    id RHSA-2013:1793
refmap via4
aixapar
  • IV51087
  • IV51088
confirm
secunia 56338
suse SUSE-SU-2013:1677
xf ibm-java-cve20134041-priv-escalation(86416)
Last major update 27-01-2014 - 23:54
Published 24-11-2013 - 13:55
Last modified 28-08-2017 - 21:33
Back to Top