ID CVE-2013-5789
Summary Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
References
Vulnerable Configurations
  • Oracle JRE 1.7.0
    cpe:2.3:a:oracle:jre:1.7.0
  • Oracle JRE 1.7.0 update1
    cpe:2.3:a:oracle:jre:1.7.0:update1
  • Oracle JRE 1.7.0 Update 10
    cpe:2.3:a:oracle:jre:1.7.0:update10
  • Oracle JRE 1.7.0 Update 11
    cpe:2.3:a:oracle:jre:1.7.0:update11
  • Oracle JRE 1.7.0 Update 13
    cpe:2.3:a:oracle:jre:1.7.0:update13
  • Oracle JRE 1.7.0 Update 15
    cpe:2.3:a:oracle:jre:1.7.0:update15
  • Oracle JRE 1.7.0 Update 17
    cpe:2.3:a:oracle:jre:1.7.0:update17
  • Oracle JRE 1.7.0 update2
    cpe:2.3:a:oracle:jre:1.7.0:update2
  • Oracle JRE 1.7.0 Update 21
    cpe:2.3:a:oracle:jre:1.7.0:update21
  • Oracle JRE 1.7.0 Update 25
    cpe:2.3:a:oracle:jre:1.7.0:update25
  • Oracle JRE 1.7.0 update3
    cpe:2.3:a:oracle:jre:1.7.0:update3
  • Oracle JRE 1.7.0 Update 4
    cpe:2.3:a:oracle:jre:1.7.0:update4
  • Oracle JRE 1.7.0 Update 5
    cpe:2.3:a:oracle:jre:1.7.0:update5
  • Oracle JRE 1.7.0 Update 6
    cpe:2.3:a:oracle:jre:1.7.0:update6
  • Oracle JRE 1.7.0 Update 7
    cpe:2.3:a:oracle:jre:1.7.0:update7
  • Oracle JRE 1.7.0 Update 9
    cpe:2.3:a:oracle:jre:1.7.0:update9
  • Oracle JRE 1.7.0 Update 40
    cpe:2.3:a:oracle:jre:1.7.0:update_40
  • Oracle JDK 1.6.0 Update 22
    cpe:2.3:a:oracle:jdk:1.6.0:update_22
  • Oracle JDK 1.6.0 Update 23
    cpe:2.3:a:oracle:jdk:1.6.0:update_23
  • Oracle JDK 1.6.0 Update 24
    cpe:2.3:a:oracle:jdk:1.6.0:update_24
  • Oracle JDK 1.6.0 Update 25
    cpe:2.3:a:oracle:jdk:1.6.0:update_25
  • Oracle JDK 1.6.0 Update 26
    cpe:2.3:a:oracle:jdk:1.6.0:update_26
  • Oracle JDK 1.6.0 Update 27
    cpe:2.3:a:oracle:jdk:1.6.0:update_27
  • Oracle JDK 1.6.0 Update 29
    cpe:2.3:a:oracle:jdk:1.6.0:update_29
  • Oracle JDK 1.6.0 Update 30
    cpe:2.3:a:oracle:jdk:1.6.0:update_30
  • Oracle JDK 1.6.0 Update 31
    cpe:2.3:a:oracle:jdk:1.6.0:update_31
  • Oracle JDK 1.6.0 Update 32
    cpe:2.3:a:oracle:jdk:1.6.0:update_32
  • Oracle JDK 1.6.0 Update 33
    cpe:2.3:a:oracle:jdk:1.6.0:update_33
  • Oracle JDK 1.6.0 Update 34
    cpe:2.3:a:oracle:jdk:1.6.0:update_34
  • Oracle JDK 1.6.0 Update 35
    cpe:2.3:a:oracle:jdk:1.6.0:update_35
  • Oracle JDK 1.6.0 Update 37
    cpe:2.3:a:oracle:jdk:1.6.0:update_37
  • Oracle JDK 1.6.0 Update 38
    cpe:2.3:a:oracle:jdk:1.6.0:update_38
  • Oracle JDK 1.6.0 Update 39
    cpe:2.3:a:oracle:jdk:1.6.0:update_39
  • Oracle JDK 1.6.0 Update 41
    cpe:2.3:a:oracle:jdk:1.6.0:update_41
  • Oracle JDK 1.6.0 Update 43
    cpe:2.3:a:oracle:jdk:1.6.0:update_43
  • Oracle JDK 1.6.0 Update 45
    cpe:2.3:a:oracle:jdk:1.6.0:update_45
  • Oracle JDK 1.6.0 Update 51
    cpe:2.3:a:oracle:jdk:1.6.0:update_51
  • Oracle JDK 1.6.0 Update 60
    cpe:2.3:a:oracle:jdk:1.6.0:update_60
  • Sun JDK 1.6.0
    cpe:2.3:a:sun:jdk:1.6.0
  • Sun JDK 6 Update 1
    cpe:2.3:a:sun:jdk:1.6.0:update1
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JDK 6 Update 2
    cpe:2.3:a:sun:jdk:1.6.0:update2
  • Sun JDK 1.6.0 Update 10
    cpe:2.3:a:sun:jdk:1.6.0:update_10
  • Sun JDK 1.6.0 Update 11
    cpe:2.3:a:sun:jdk:1.6.0:update_11
  • Sun JDK 1.6.0 Update 12
    cpe:2.3:a:sun:jdk:1.6.0:update_12
  • Sun JDK 1.6.0 Update 13
    cpe:2.3:a:sun:jdk:1.6.0:update_13
  • Sun JDK 1.6.0 Update 14
    cpe:2.3:a:sun:jdk:1.6.0:update_14
  • Sun JDK 1.6.0 Update 15
    cpe:2.3:a:sun:jdk:1.6.0:update_15
  • Sun JDK 1.6.0 Update 16
    cpe:2.3:a:sun:jdk:1.6.0:update_16
  • Sun JDK 1.6.0 Update 17
    cpe:2.3:a:sun:jdk:1.6.0:update_17
  • Sun JDK 1.6.0 Update 18
    cpe:2.3:a:sun:jdk:1.6.0:update_18
  • Sun JDK 1.6.0 Update 19
    cpe:2.3:a:sun:jdk:1.6.0:update_19
  • Sun JDK 1.6.0 Update 20
    cpe:2.3:a:sun:jdk:1.6.0:update_20
  • Sun JDK 1.6.0 Update 21
    cpe:2.3:a:sun:jdk:1.6.0:update_21
  • Sun JDK 1.6.0 Update 3
    cpe:2.3:a:sun:jdk:1.6.0:update_3
  • Sun JDK 1.6.0 Update 4
    cpe:2.3:a:sun:jdk:1.6.0:update_4
  • Sun JDK 1.6.0 Update 5
    cpe:2.3:a:sun:jdk:1.6.0:update_5
  • Sun JDK 1.6.0 Update 6
    cpe:2.3:a:sun:jdk:1.6.0:update_6
  • Sun JDK 1.6.0 Update 7
    cpe:2.3:a:sun:jdk:1.6.0:update_7
  • Oracle JRE 1.6.0 Update 22
    cpe:2.3:a:oracle:jre:1.6.0:update_22
  • Oracle JRE 1.6.0 Update 23
    cpe:2.3:a:oracle:jre:1.6.0:update_23
  • Oracle JRE 1.6.0 Update 24
    cpe:2.3:a:oracle:jre:1.6.0:update_24
  • Oracle JRE 1.6.0 Update 25
    cpe:2.3:a:oracle:jre:1.6.0:update_25
  • Oracle JRE 1.6.0 Update 26
    cpe:2.3:a:oracle:jre:1.6.0:update_26
  • Oracle JRE 1.6.0 Update 27
    cpe:2.3:a:oracle:jre:1.6.0:update_27
  • Oracle JRE 1.6.0 Update 29
    cpe:2.3:a:oracle:jre:1.6.0:update_29
  • Oracle JRE 1.6.0 Update 30
    cpe:2.3:a:oracle:jre:1.6.0:update_30
  • Oracle JRE 1.6.0 Update 31
    cpe:2.3:a:oracle:jre:1.6.0:update_31
  • Oracle JRE 1.6.0 Update 32
    cpe:2.3:a:oracle:jre:1.6.0:update_32
  • Oracle JRE 1.6.0 Update 33
    cpe:2.3:a:oracle:jre:1.6.0:update_33
  • Oracle JRE 1.6.0 Update 34
    cpe:2.3:a:oracle:jre:1.6.0:update_34
  • Oracle JRE 1.6.0 Update 35
    cpe:2.3:a:oracle:jre:1.6.0:update_35
  • Oracle JRE 1.6.0 Update 37
    cpe:2.3:a:oracle:jre:1.6.0:update_37
  • Oracle JRE 1.6.0 Update 38
    cpe:2.3:a:oracle:jre:1.6.0:update_38
  • Oracle JRE 1.6.0 Update 39
    cpe:2.3:a:oracle:jre:1.6.0:update_39
  • Oracle JRE 1.6.0 Update 41
    cpe:2.3:a:oracle:jre:1.6.0:update_41
  • Oracle JRE 1.6.0 Update 43
    cpe:2.3:a:oracle:jre:1.6.0:update_43
  • Oracle JRE 1.6.0 Update 45
    cpe:2.3:a:oracle:jre:1.6.0:update_45
  • Oracle JRE 1.6.0 Update 51
    cpe:2.3:a:oracle:jre:1.6.0:update_51
  • Oracle JRE 1.6.0 Update 60
    cpe:2.3:a:oracle:jre:1.6.0:update_60
  • Sun JRE 1.6.0
    cpe:2.3:a:sun:jre:1.6.0
  • Sun JRE 1.6.0 Update 1
    cpe:2.3:a:sun:jre:1.6.0:update_1
  • Sun JRE 1.6.0 Update 10
    cpe:2.3:a:sun:jre:1.6.0:update_10
  • Sun JRE 1.6.0 Update 11
    cpe:2.3:a:sun:jre:1.6.0:update_11
  • Sun JRE 1.6.0 Update 12
    cpe:2.3:a:sun:jre:1.6.0:update_12
  • Sun JRE 1.6.0 Update 13
    cpe:2.3:a:sun:jre:1.6.0:update_13
  • Sun JRE 1.6.0 Update 14
    cpe:2.3:a:sun:jre:1.6.0:update_14
  • Sun JRE 1.6.0 Update 15
    cpe:2.3:a:sun:jre:1.6.0:update_15
  • Sun JRE 1.6.0 Update 16
    cpe:2.3:a:sun:jre:1.6.0:update_16
  • Sun JRE 1.6.0 Update 17
    cpe:2.3:a:sun:jre:1.6.0:update_17
  • Sun JRE 1.6.0 Update 18
    cpe:2.3:a:sun:jre:1.6.0:update_18
  • Sun JRE 1.6.0 Update 19
    cpe:2.3:a:sun:jre:1.6.0:update_19
  • Sun JRE 1.6.0 Update 2
    cpe:2.3:a:sun:jre:1.6.0:update_2
  • Sun JRE 1.6.0 Update 20
    cpe:2.3:a:sun:jre:1.6.0:update_20
  • Sun JRE 1.6.0 Update 21
    cpe:2.3:a:sun:jre:1.6.0:update_21
  • Sun JRE 1.6.0 Update 3
    cpe:2.3:a:sun:jre:1.6.0:update_3
  • Sun JRE 1.6.0 Update 4
    cpe:2.3:a:sun:jre:1.6.0:update_4
  • Sun JRE 1.6.0 Update 5
    cpe:2.3:a:sun:jre:1.6.0:update_5
  • Sun JRE 1.6.0 Update 6
    cpe:2.3:a:sun:jre:1.6.0:update_6
  • Sun JRE 1.6.0 Update 7
    cpe:2.3:a:sun:jre:1.6.0:update_7
  • Sun JRE 1.6.0 Update 9
    cpe:2.3:a:sun:jre:1.6.0:update_9
  • Oracle JDK 1.7.0
    cpe:2.3:a:oracle:jdk:1.7.0
  • Oracle JDK 1.7.0 update1
    cpe:2.3:a:oracle:jdk:1.7.0:update1
  • Oracle JDK 1.7.0 Update 10
    cpe:2.3:a:oracle:jdk:1.7.0:update10
  • Oracle JDK 1.7.0 Update 11
    cpe:2.3:a:oracle:jdk:1.7.0:update11
  • Oracle JDK 1.7.0 Update 13
    cpe:2.3:a:oracle:jdk:1.7.0:update13
  • Oracle JDK 1.7.0 Update 15
    cpe:2.3:a:oracle:jdk:1.7.0:update15
  • Oracle JDK 1.7.0 Update 17
    cpe:2.3:a:oracle:jdk:1.7.0:update17
  • Oracle JDK 1.7.0 update2
    cpe:2.3:a:oracle:jdk:1.7.0:update2
  • Oracle JDK 1.7.0 Update 21
    cpe:2.3:a:oracle:jdk:1.7.0:update21
  • Oracle JDK 1.7.0 Update 25
    cpe:2.3:a:oracle:jdk:1.7.0:update25
  • Oracle JDK 1.7.0 update3
    cpe:2.3:a:oracle:jdk:1.7.0:update3
  • Oracle JDK 1.7.0 Update 4
    cpe:2.3:a:oracle:jdk:1.7.0:update4
  • Oracle JDK 1.7.0 Update 5
    cpe:2.3:a:oracle:jdk:1.7.0:update5
  • Oracle JDK 1.7.0 Update 6
    cpe:2.3:a:oracle:jdk:1.7.0:update6
  • Oracle JDK 1.7.0 Update 7
    cpe:2.3:a:oracle:jdk:1.7.0:update7
  • Oracle JDK 1.7.0 Update 9
    cpe:2.3:a:oracle:jdk:1.7.0:update9
  • Oracle JDK 1.7.0 Update 40
    cpe:2.3:a:oracle:jdk:1.7.0:update_40
CVSS
Base: 10.0 (as of 16-10-2013 - 14:51)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-03
    plugin id 72139
    published 2014-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72139
    title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
  • NASL family Windows
    NASL id LOTUS_NOTES_9_0_1_FP1.NASL
    description The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 73970
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73970
    title IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0414.NASL
    description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 79011
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79011
    title RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_7_0-IBM-131119.NASL
    description IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2013-11-21
    plugin id 71020
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71020
    title SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_2013-005.NASL
    description The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2013-005 update, which updates the Java version to 1.6.0_65. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70458
    published 2013-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70458
    title Mac OS X : Java for OS X 2013-005
  • NASL family Misc.
    NASL id ORACLE_JAVA_CPU_OCT_2013_UNIX.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 45, 6 Update 65, or 5 Update 55. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - BEANS - CORBA - Deployment - JAX-WS - JAXP - JGSS - jhat - JNDI - JavaFX - Javadoc - Libraries - SCRIPTING - Security - Swing
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70473
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70473
    title Oracle Java SE Multiple Vulnerabilities (October 2013 CPU) (Unix)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1793.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5 and 5.6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5 and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) Users of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR15 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 78984
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78984
    title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1793)
  • NASL family Windows
    NASL id LOTUS_DOMINO_9_0_1_FP1.NASL
    description The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 73969
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73969
    title IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1507.NASL
    description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 70791
    published 2013-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70791
    title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_6_UPDATE17.NASL
    description The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 17, which updates the Java version to 1.6.0_65. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70459
    published 2013-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70459
    title Mac OS X : Java for Mac OS X 10.6 Update 17
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-131114.NASL
    description IBM Java 6 SR15 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2013-11-19
    plugin id 70960
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70960
    title SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550)
  • NASL family Misc.
    NASL id DOMINO_9_0_1_FP1.NASL
    description According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation, which could aid remote attackers in executing arbitrary code. Note that this issue only affects installs on 32-bit hosts running Linux. (CVE-2014-0892) - Note that the fixes in the Oracle Java CPUs for October 2013 and January 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-0408, CVE-2013-3829, CVE-2013-4002, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5805, CVE-2013-5806, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0892)
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 73968
    published 2014-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73968
    title IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_2014-001.NASL
    description The remote Mac OS X 10.7, 10.8, 10.9, or 10.10 host has a Java runtime that is missing the Java for OS X 2014-001 update, which updates the Java version to 1.6.0_65. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox. Note that the Java for OS X 2014-001 update installs the same version of Java 6 included in Java for OS X 2013-005.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 78891
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78891
    title Mac OS X : Java for OS X 2014-001
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1508.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR15 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 70792
    published 2013-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70792
    title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1508)
  • NASL family Windows
    NASL id ORACLE_JAVA_CPU_OCT_2013.NASL
    description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 45, 6 Update 65, or 5 Update 55. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - BEANS - CORBA - Deployment - JAX-WS - JAXP - JGSS - jhat - JNDI - JavaFX - Javadoc - Libraries - SCRIPTING - Security - Swing
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70472
    published 2013-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70472
    title Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1440.NASL
    description Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 45 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 70488
    published 2013-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70488
    title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)
oval via4
accepted 2014-02-10T04:00:12.403-05:00
class vulnerability
contributors
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
  • comment Java SE Runtime Environment 6 is installed
    oval oval:org.mitre.oval:def:16362
  • comment Java SE Runtime Environment 7 is installed
    oval oval:org.mitre.oval:def:16050
description Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
family windows
id oval:org.mitre.oval:def:19018
status accepted
submitted 2013-10-24T16:31:26.748+04:00
title Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
version 7
redhat via4
advisories
  • rhsa
    id RHSA-2013:1440
  • rhsa
    id RHSA-2013:1507
  • rhsa
    id RHSA-2013:1508
  • rhsa
    id RHSA-2013:1793
  • rhsa
    id RHSA-2014:0414
refmap via4
apple APPLE-SA-2013-10-15-1
bid 63156
confirm
hp
  • HPSBUX02943
  • HPSBUX02944
secunia 56338
suse SUSE-SU-2013:1677
Last major update 28-11-2016 - 14:09
Published 16-10-2013 - 11:55
Last modified 04-01-2018 - 21:29
Back to Top