{"id": "CVE-2013-5776", "bulletinFamily": "NVD", "title": "CVE-2013-5776", "description": "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.\nPer http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n\n\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.\"", "published": "2013-10-16T15:55:00", "modified": "2018-01-05T02:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5776", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/63152", "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19043", "http://secunia.com/advisories/56338", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"], "cvelist": ["CVE-2013-5776"], "type": "cve", "lastseen": "2021-02-02T06:06:58", "edition": 6, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310121127", "OPENVAS:1361412562310804118"]}, {"type": "f5", "idList": ["F5:K95313044"]}, {"type": "nessus", "idList": ["MACOSX_JAVA_2014-001.NASL", "MACOSX_JAVA_10_6_UPDATE17.NASL", "MACOSX_JAVA_2013-005.NASL", "REDHAT-RHSA-2013-1508.NASL", "REDHAT-RHSA-2013-1440.NASL", "REDHAT-RHSA-2013-1507.NASL", "REDHAT-RHSA-2013-1793.NASL", "SUSE_11_JAVA-1_6_0-IBM-131114.NASL", "ORACLE_JAVA_CPU_OCT_2013.NASL", "SUSE_11_JAVA-1_7_0-IBM-131119.NASL"]}, {"type": "redhat", "idList": ["RHSA-2014:0414", "RHSA-2013:1793", "RHSA-2013:1508", "RHSA-2013:1440", "RHSA-2013:1507"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1677-2", "SUSE-SU-2013:1677-3", "SUSE-SU-2013:1677-1"]}, {"type": "aix", "idList": ["JAVA_ADVISORY.ASC"]}, {"type": "kaspersky", "idList": ["KLA10492"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13423"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2013-1899837"]}, {"type": "gentoo", "idList": ["GLSA-201401-30"]}], "modified": "2021-02-02T06:06:58", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-02-02T06:06:58", "rev": 2}, "vulnersScore": 6.2}, "cpe": ["cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0", "cpe:/a:sun:jre:1.6.0", "cpe:/a:oracle:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0"], "affectedSoftware": [{"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "le", "version": "1.7.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jdk", "name": "sun jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "le", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "le", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "sun:jre", "name": "sun jre", "operator": "eq", "version": "1.6.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jre", "name": "oracle jre", "operator": "eq", "version": "1.7.0"}, {"cpeName": "oracle:jdk", "name": "oracle jdk", "operator": "le", "version": "1.6.0"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_51:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_41:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_43:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_43:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update_40:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_45:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_39:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_60:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update_40:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_51:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_60:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_41:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_39:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.6.0:update_45:*:*:*:*:*:*", "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_41:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_45:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_51:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_43:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_60:*:*:*:*:*:*", "versionEndIncluding": "1.6.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_39:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_60:*:*:*:*:*:*", "versionEndIncluding": "1.6.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_51:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_39:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_41:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_43:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_45:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update_40:*:*:*:*:*:*", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update_40:*:*:*:*:*:*", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "refsource": "CONFIRM", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201"}, {"name": "APPLE-SA-2013-10-15-1", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html"}, {"name": "RHSA-2013:1508", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html"}, {"name": "RHSA-2013:1440", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html"}, {"name": "RHSA-2013:1793", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html"}, {"name": "HPSBUX02944", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2"}, {"name": "RHSA-2013:1507", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html"}, {"name": "oval:org.mitre.oval:def:19043", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19043"}, {"name": "63152", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/63152"}, {"name": "RHSA-2014:0414", "refsource": "REDHAT", "tags": [], "url": "https://access.redhat.com/errata/RHSA-2014:0414"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"}, {"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html"}, {"name": "SUSE-SU-2013:1677", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html"}, {"name": "56338", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/56338"}, {"name": "http://support.apple.com/kb/HT5982", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT5982"}, {"name": "HPSBUX02943", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2"}], "immutableFields": []}

{"openvas": [{"lastseen": "2020-05-15T17:27:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5818", "CVE-2013-5776", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5812", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5772"], "description": "This host is installed with Oracle Java SE JRE and is prone to multiple\n vulnerabilities.", "modified": "2020-05-12T00:00:00", "published": "2013-10-25T00:00:00", "id": "OPENVAS:1361412562310804118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804118", "type": "openvas", "title": "Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Oct 2013 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Oct 2013 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804118\");\n script_version(\"2020-05-12T13:57:17+0000\");\n script_cve_id(\"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5812\", \"CVE-2013-5824\",\n \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5823\", \"CVE-2013-5789\",\n \"CVE-2013-5820\", \"CVE-2013-5852\", \"CVE-2013-5848\", \"CVE-2013-5776\",\n \"CVE-2013-5772\", \"CVE-2013-5784\", \"CVE-2013-5787\");\n script_bugtraq_id(63129, 63158, 63126, 63157, 63141, 63110, 63139, 63133, 63130,\n 63124, 63156, 63152, 63089, 63098, 63155);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-12 13:57:17 +0000 (Tue, 12 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-10-25 19:03:24 +0530 (Fri, 25 Oct 2013)\");\n script_name(\"Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 Oct 2013 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java SE JRE and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from the referenced advisory.\");\n\n script_tag(name:\"insight\", value:\"Multiple unspecified vulnerabilities exists, For more details about the\n vulnerabilities refer the reference section.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE 7 update 40 and earlier, 6 update 60 and earlier on Windows.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to affect confidentiality,\n integrity, and availability via unknown vectors.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/55315\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/63158\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:oracle:jre\", \"cpe:/a:sun:jre\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(vers =~ \"^1\\.[67]\") {\n if(version_in_range(version:vers, test_version:\"1.6.0.0\", test_version2:\"1.6.0.60\")||\n version_in_range(version:vers, test_version:\"1.7.0.0\", test_version2:\"1.7.0.40\")) {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-2431", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-5889", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-5848", "CVE-2012-1711", "CVE-2013-1491", "CVE-2013-1571", "CVE-2013-5782", "CVE-2013-5846", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-0402", "CVE-2013-5818", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2416", "CVE-2013-2427", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1725", "CVE-2014-0385", "CVE-2013-2424", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-5778", "CVE-2013-2456", "CVE-2013-0448", "CVE-2014-0410", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-2462", "CVE-2013-0169", "CVE-2014-0415", "CVE-2013-2414", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2013-5870", "CVE-2013-2421", "CVE-2012-3159", "CVE-2013-1518", "CVE-2013-5776", "CVE-2012-5087", "CVE-2013-5788", "CVE-2013-5905", "CVE-2013-0809", "CVE-2013-5904", "CVE-2013-5888", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-5893", "CVE-2013-5842", "CVE-2014-0387", "CVE-2012-5085", "CVE-2012-5076", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-4416", "CVE-2013-5898", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-5832", "CVE-2012-3136", "CVE-2013-1488", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2014-0375", "CVE-2012-5081", "CVE-2012-5067", "CVE-2013-5817", "CVE-2012-0503", "CVE-2012-3174", "CVE-2011-5035", "CVE-2013-2419", "CVE-2012-1723", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-5787", "CVE-2013-5852", "CVE-2012-1726", "CVE-2014-0418", "CVE-2013-0351", "CVE-2013-2465", "CVE-2014-0373", "CVE-2013-1537", "CVE-2013-3743", "CVE-2013-5854", "CVE-2012-0498", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5887", "CVE-2012-0506", "CVE-2014-0408", "CVE-2013-5825", "CVE-2012-1717", "CVE-2012-1721", "CVE-2014-0376", "CVE-2013-2423", "CVE-2014-0422", "CVE-2013-5789", "CVE-2014-0411", "CVE-2013-2439", "CVE-2013-1561", "CVE-2013-5823", "CVE-2013-0409", "CVE-2013-5895", "CVE-2013-0438", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2013-2428", "CVE-2012-5083", "CVE-2013-5843", "CVE-2012-5088", "CVE-2013-5899", "CVE-2013-2429", "CVE-2013-5812", "CVE-2013-5849", "CVE-2012-5086", "CVE-2013-5896", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2012-5077", "CVE-2013-1486", "CVE-2014-0417", "CVE-2013-5780", "CVE-2013-5910", "CVE-2013-1487", "CVE-2013-5906", "CVE-2013-0430", "CVE-2013-0445", "CVE-2012-5069", "CVE-2014-0428", "CVE-2012-3216", "CVE-2014-0382", "CVE-2012-0505", "CVE-2013-5824", "CVE-2012-5084", "CVE-2013-5831", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2434", "CVE-2013-2464", "CVE-2013-2458", "CVE-2012-3213", "CVE-2013-2459", "CVE-2012-5071", "CVE-2013-5814", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-2432", "CVE-2012-1722", "CVE-2014-0368", "CVE-2013-2443", "CVE-2014-0423", "CVE-2013-1481", "CVE-2013-5775", "CVE-2013-2446", "CVE-2012-0547", "CVE-2013-5829", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-2438", "CVE-2013-1540", "CVE-2012-0500", "CVE-2013-2467", "CVE-2013-5907", "CVE-2013-1493", "CVE-2013-5902", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-3744", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-5844", "CVE-2013-0437", "CVE-2012-4681", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2012-0504", "CVE-2013-2426", "CVE-2014-0424", "CVE-2013-2455", "CVE-2013-5819", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-1484", "CVE-2013-1564", "CVE-2013-1558", "CVE-2013-5774", "CVE-2012-1724", "CVE-2013-0422", "CVE-2012-5068", "CVE-2014-0403", "CVE-2013-3829", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-0502", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-2425", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-1569", "CVE-2013-5838", "CVE-2013-2412", "CVE-2013-0449", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2013-5801", "CVE-2014-0416", "CVE-2013-2449", "CVE-2013-2466", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-0423", "CVE-2013-5772", "CVE-2013-0419"], "description": "Gentoo Linux Local Security Checks GLSA 201401-30", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121127", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201401-30", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201401-30.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121127\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:40 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201401-30\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201401-30\");\n script_cve_id(\"CVE-2011-3563\", \"CVE-2011-5035\", \"CVE-2012-0497\", \"CVE-2012-0498\", \"CVE-2012-0499\", \"CVE-2012-0500\", \"CVE-2012-0501\", \"CVE-2012-0502\", \"CVE-2012-0503\", \"CVE-2012-0504\", \"CVE-2012-0505\", \"CVE-2012-0506\", \"CVE-2012-0507\", \"CVE-2012-0547\", \"CVE-2012-1531\", \"CVE-2012-1532\", \"CVE-2012-1533\", \"CVE-2012-1541\", \"CVE-2012-1682\", \"CVE-2012-1711\", \"CVE-2012-1713\", \"CVE-2012-1716\", \"CVE-2012-1717\", \"CVE-2012-1718\", \"CVE-2012-1719\", \"CVE-2012-1721\", \"CVE-2012-1722\", \"CVE-2012-1723\", \"CVE-2012-1724\", \"CVE-2012-1725\", \"CVE-2012-1726\", \"CVE-2012-3136\", \"CVE-2012-3143\", \"CVE-2012-3159\", \"CVE-2012-3174\", \"CVE-2012-3213\", \"CVE-2012-3216\", \"CVE-2012-3342\", \"CVE-2012-4416\", \"CVE-2012-4681\", \"CVE-2012-5067\", \"CVE-2012-5068\", \"CVE-2012-5069\", \"CVE-2012-5070\", \"CVE-2012-5071\", \"CVE-2012-5072\", \"CVE-2012-5073\", \"CVE-2012-5074\", \"CVE-2012-5075\", \"CVE-2012-5076\", \"CVE-2012-5077\", \"CVE-2012-5079\", \"CVE-2012-5081\", \"CVE-2012-5083\", \"CVE-2012-5084\", \"CVE-2012-5085\", \"CVE-2012-5086\", \"CVE-2012-5087\", \"CVE-2012-5088\", \"CVE-2012-5089\", \"CVE-2013-0169\", \"CVE-2013-0351\", \"CVE-2013-0401\", \"CVE-2013-0402\", \"CVE-2013-0409\", \"CVE-2013-0419\", \"CVE-2013-0422\", \"CVE-2013-0423\", \"CVE-2013-0430\", \"CVE-2013-0437\", \"CVE-2013-0438\", \"CVE-2013-0445\", \"CVE-2013-0446\", \"CVE-2013-0448\", \"CVE-2013-0449\", \"CVE-2013-0809\", \"CVE-2013-1473\", \"CVE-2013-1479\", \"CVE-2013-1481\", \"CVE-2013-1484\", \"CVE-2013-1485\", \"CVE-2013-1486\", \"CVE-2013-1487\", \"CVE-2013-1488\", \"CVE-2013-1491\", \"CVE-2013-1493\", \"CVE-2013-1500\", \"CVE-2013-1518\", \"CVE-2013-1537\", \"CVE-2013-1540\", \"CVE-2013-1557\", \"CVE-2013-1558\", \"CVE-2013-1561\", \"CVE-2013-1563\", \"CVE-2013-1564\", \"CVE-2013-1569\", \"CVE-2013-1571\", \"CVE-2013-2383\", \"CVE-2013-2384\", \"CVE-2013-2394\", \"CVE-2013-2400\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2414\", \"CVE-2013-2415\", \"CVE-2013-2416\", \"CVE-2013-2417\", \"CVE-2013-2418\", \"CVE-2013-2419\", \"CVE-2013-2420\", \"CVE-2013-2421\", \"CVE-2013-2422\", \"CVE-2013-2423\", \"CVE-2013-2424\", \"CVE-2013-2425\", \"CVE-2013-2426\", \"CVE-2013-2427\", \"CVE-2013-2428\", \"CVE-2013-2429\", \"CVE-2013-2430\", \"CVE-2013-2431\", \"CVE-2013-2432\", \"CVE-2013-2433\", \"CVE-2013-2434\", \"CVE-2013-2435\", \"CVE-2013-2436\", \"CVE-2013-2437\", \"CVE-2013-2438\", \"CVE-2013-2439\", \"CVE-2013-2440\", \"CVE-2013-2442\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2449\", \"CVE-2013-2450\", \"CVE-2013-2451\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2454\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2458\", \"CVE-2013-2459\", \"CVE-2013-2460\", \"CVE-2013-2461\", \"CVE-2013-2462\", \"CVE-2013-2463\", \"CVE-2013-2464\", \"CVE-2013-2465\", \"CVE-2013-2466\", \"CVE-2013-2467\", \"CVE-2013-2468\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\", \"CVE-2013-3743\", \"CVE-2013-3744\", \"CVE-2013-3829\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5775\", \"CVE-2013-5776\", \"CVE-2013-5777\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5788\", \"CVE-2013-5789\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5805\", \"CVE-2013-5806\", \"CVE-2013-5809\", \"CVE-2013-5810\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5844\", \"CVE-2013-5846\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\", \"CVE-2013-5852\", \"CVE-2013-5854\", \"CVE-2013-5870\", \"CVE-2013-5878\", \"CVE-2013-5887\", \"CVE-2013-5888\", \"CVE-2013-5889\", \"CVE-2013-5893\", \"CVE-2013-5895\", \"CVE-2013-5896\", \"CVE-2013-5898\", \"CVE-2013-5899\", \"CVE-2013-5902\", \"CVE-2013-5904\", \"CVE-2013-5905\", \"CVE-2013-5906\", \"CVE-2013-5907\", \"CVE-2013-5910\", \"CVE-2014-0368\", \"CVE-2014-0373\", \"CVE-2014-0375\", \"CVE-2014-0376\", \"CVE-2014-0382\", \"CVE-2014-0385\", \"CVE-2014-0387\", \"CVE-2014-0403\", \"CVE-2014-0408\", \"CVE-2014-0410\", \"CVE-2014-0411\", \"CVE-2014-0415\", \"CVE-2014-0416\", \"CVE-2014-0417\", \"CVE-2014-0418\", \"CVE-2014-0422\", \"CVE-2014-0423\", \"CVE-2014-0424\", \"CVE-2014-0428\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201401-30\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-java/sun-jdk\", unaffected: make_list(), vulnerable: make_list(\"lt 1.6.0.45\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-java/oracle-jdk-bin\", unaffected: make_list(\"ge 1.7.0.51\"), vulnerable: make_list(\"lt 1.7.0.51\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-java/sun-jre-bin\", unaffected: make_list(), vulnerable: make_list(\"lt 1.6.0.45\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-java/oracle-jre-bin\", unaffected: make_list(\"ge 1.7.0.51\"), vulnerable: make_list(\"lt 1.7.0.51\"))) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-emulation/emul-linux-x86-java\", unaffected: make_list(\"ge 1.7.0.51\"), vulnerable: make_list(\"lt 1.7.0.51\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:29", "bulletinFamily": "software", "cvelist": ["CVE-2013-5848", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5789", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| \nNone| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Management GUI Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-14T00:49:00", "published": "2016-05-25T01:58:00", "href": "https://support.f5.com/csp/article/K95313044", "id": "F5:K95313044", "title": "Multiple Java vulnerabilities", "type": "f5", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-10-28T20:40:16", "description": "The remote Mac OS X 10.7, 10.8, 10.9, or 10.10 host has a Java runtime\nthat is missing the Java for OS X 2014-001 update, which updates the\nJava version to 1.6.0_65. It is, therefore, affected by multiple\nsecurity vulnerabilities, the most serious of which may allow an\nuntrusted Java applet to execute arbitrary code with the privileges of\nthe current user outside the Java sandbox.\n\nNote that the Java for OS X 2014-001 update installs the same version\nof Java 6 included in Java for OS X 2013-005.", "edition": 9, "published": "2014-11-06T00:00:00", "title": "Mac OS X : Java for OS X 2014-001", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-11-06T00:00:00", "cpe": ["cpe:/a:apple:java_1.6"], "id": "MACOSX_JAVA_2014-001.NASL", "href": "https://www.tenable.com/plugins/nessus/78891", "sourceData": "#TRUSTED 868cb323a7de9bcc3870dfbb36c16661ef9d0986eb7e758545c15ed31076fb82a4ffa296312afab0a341cbb24fb8fac6e930861c9ce04b1137198ed4e0664c36e3982f7a425580a3fc0ab1e283dedd1792bdf86620432a78007b247d23e7abc22d521621b5ed34f70dc66022eeeffe72ed5a3d8e41b692b52b80d7c7a13a086092a9ddfaf5c2cb7e640662a5b143b2d3b74d39bf2d0522b5be27c80f7059cc76a79f679b9f39ba42b9e671802d162c2031f7c7c7d39320bbd1c7838d47fb2bf0afabe5841a1b7f0b1c41fe1fbea0ae1226366674b5a4c56fd027990f3c6697dab30ab0aa9dbae2dfc3ea626480197ff42004438fe1a5e65aa980550f70c12b5edf8701b1eec502a80f0bbeabca7536fb23c3e883062e8995af16ef3fbbe57d8238bc6016afdb96abeba73f842008d954b51a22f84bb5caa1d6aaf1f403bec12ab8e62ecd22869699c5dfe91d2750dac1a498fd3e0adcc0ff0a3f37e82a1b6b63fa5528c14cb718a348d2e391be9e806d70d5b067fe769798976d6a22ff61af12c04cc1b775c607a5ce9e0fac64b9a9f458e84cac331ea4b3afc45038273015e738cecaa56a41f82e2ca0cb7ebfd01b3fed7055366cead50ba3b84888d9c5e9739f2efb399fc90105dc5f428a6be7d3f948bb7bfa49a502e6c104256c459bcb3b78bb87b8f7f4a5e5520f44b27b42dd735802bb9d62ecae60e717f815918e8ec9\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78891);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5776\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5787\",\n \"CVE-2013-5789\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5801\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5809\",\n \"CVE-2013-5812\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5818\",\n \"CVE-2013-5819\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5824\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5831\",\n \"CVE-2013-5832\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5843\",\n \"CVE-2013-5848\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\"\n );\n script_bugtraq_id(\n 61310,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63115,\n 63118,\n 63120,\n 63121,\n 63124,\n 63126,\n 63128,\n 63129,\n 63133,\n 63134,\n 63135,\n 63137,\n 63139,\n 63141,\n 63143,\n 63146,\n 63147,\n 63148,\n 63149,\n 63150,\n 63151,\n 63152,\n 63153,\n 63154,\n 63155,\n 63156,\n 63157,\n 63158\n );\n\n script_name(english:\"Mac OS X : Java for OS X 2014-001\");\n script_summary(english:\"Checks the version of the JavaVM framework.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a version of Java installed that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.7, 10.8, 10.9, or 10.10 host has a Java runtime\nthat is missing the Java for OS X 2014-001 update, which updates the\nJava version to 1.6.0_65. It is, therefore, affected by multiple\nsecurity vulnerabilities, the most serious of which may allow an\nuntrusted Java applet to execute arbitrary code with the privileges of\nthe current user outside the Java sandbox.\n\nNote that the Java for OS X 2014-001 update installs the same version\nof Java 6 included in Java for OS X 2013-005.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6133\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/dl1572\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the Java for OS X 2014-001 update, which includes version 15.0.0\nof the JavaVM Framework.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (os !~ \"Mac OS X 10\\.([789]|10)([^0-9]|$)\") audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8 / 10.9 / 10.10\");\n\ncmd = 'ls /System/Library/Java';\nresults = exec_cmd(cmd:cmd);\nif (isnull(results)) exit(1, \"Unable to determine if the Java runtime is installed.\");\n\nif ('JavaVirtualMachines' >!< results) audit(AUDIT_NOT_INST, \"Java for OS X\");\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd =\n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (version !~ \"^[0-9.]+$\") exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nfixed_version = \"15.0.0\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-28T20:40:15", "description": "The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is\nmissing the Java for OS X 2013-005 update, which updates the Java\nversion to 1.6.0_65. It is, therefore, affected by multiple security\nvulnerabilities, the most serious of which may allow an untrusted Java\napplet to execute arbitrary code with the privileges of the current\nuser outside the Java sandbox.", "edition": 9, "published": "2013-10-16T00:00:00", "title": "Mac OS X : Java for OS X 2013-005", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-16T00:00:00", "cpe": ["cpe:/a:apple:java_1.6"], "id": "MACOSX_JAVA_2013-005.NASL", "href": "https://www.tenable.com/plugins/nessus/70458", "sourceData": "#TRUSTED 7472aa9d514adf17a7fc7892d5f6c26916a66f49b079f45fdad4d3a936ee64769c33f638831b526c07b6d0c532d6cae36e0241a92c2a6590ee7201236af17a1e079227259616c10a8230222f431c8996ebd2c53a1684b6d5769f48e4520a3e7ad4ea1884c62131017e97425905e591e5f35af195f21ad63a5d548af1fab613932b88fa8e136da929838f103415ee53f2949695d6bb4f1b3f235550943afbf6ccc1b38282eb00c90bb11793471ae75589589d57d782e38b51b1f3677476abf52bc4075b522438dbfb5a1de46ab49e6478721d41d2e8a2727577844483503b82d1b5324e01bf2301ff376a3ce64d5963d3c6e845c2a1d33b938fef69c51e2345d5b3296673afad0ca5f842bbec7bb9c99aadb5d7c392bfbb1980c53e633b618b6f0ba894fa622c594f9793f35a0385060b39ce080b536139a75942da68a4bc12147d58eb356a37af33d24aad46fc51234723d8ef78b3d4a6a2433801ab9a7843b8c1d4792d7c45b566f8fce897def7db5cc021b3b985af6542aee5b0b887ebf39123000f26c73a20cdec37fb1a510d7ddfee6243b5a270c9d74e3dd84e2e2060cfe9bc385df810e6eedb2c0b7e0de8f8ec840a18cf400e53f49ecb29d55baaeea103d50bdf56e5195023b5c764d43d7d20ceb955e5a9d1dca5f5744d27799c8e01978a3020526dbbf6220dadf8de3781de9996ca4d1ccf79f6f3f3dac926680468\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(70458);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5776\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5787\",\n \"CVE-2013-5789\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5801\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5809\",\n \"CVE-2013-5812\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5818\",\n \"CVE-2013-5819\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5824\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5831\",\n \"CVE-2013-5832\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5843\",\n \"CVE-2013-5848\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\"\n );\n script_bugtraq_id(\n 61310,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63115,\n 63118,\n 63120,\n 63121,\n 63124,\n 63126,\n 63128,\n 63129,\n 63133,\n 63134,\n 63135,\n 63137,\n 63139,\n 63141,\n 63143,\n 63146,\n 63147,\n 63148,\n 63149,\n 63150,\n 63151,\n 63152,\n 63153,\n 63154,\n 63155,\n 63156,\n 63157,\n 63158\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-10-15-1\");\n script_xref(name:\"IAVA\", value:\"2013-A-0191\");\n\n script_name(english:\"Mac OS X : Java for OS X 2013-005\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is\nmissing the Java for OS X 2013-005 update, which updates the Java\nversion to 1.6.0_65. It is, therefore, affected by multiple security\nvulnerabilities, the most serious of which may allow an untrusted Java\napplet to execute arbitrary code with the privileges of the current\nuser outside the Java sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-244/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-245/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-246/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-247/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-248/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5982\");\n # http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74a1d7ee\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/529239/30/0/threaded\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the Java for OS X 2013-005 update, which includes version\n14.9.0 of the JavaVM Framework.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\n\ncmd = 'ls /System/Library/Java';\nresults = exec_cmd(cmd:cmd);\nif (isnull(results)) exit(1, \"Unable to determine if the Java runtime is installed.\");\n\nif ('JavaVirtualMachines' >!< results) audit(AUDIT_NOT_INST, \"Java for OS X\");\n\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd =\n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nfixed_version = \"14.9.0\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-28T20:40:10", "description": "The remote Mac OS X host has a version of Java for Mac OS X 10.6 that\nis missing Update 17, which updates the Java version to 1.6.0_65. It\nis, therefore, affected by multiple security vulnerabilities, the most\nserious of which may allow an untrusted Java applet to execute\narbitrary code with the privileges of the current user outside the\nJava sandbox.", "edition": 9, "published": "2013-10-16T00:00:00", "title": "Mac OS X : Java for Mac OS X 10.6 Update 17", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-16T00:00:00", "cpe": ["cpe:/a:apple:java_1.6"], "id": "MACOSX_JAVA_10_6_UPDATE17.NASL", "href": "https://www.tenable.com/plugins/nessus/70459", "sourceData": "#TRUSTED 45ce0d5e6c7aaa8c3ea7f45d56e41de7f91e89e90df7594b285e23fb8e8d20a9b7c1508a66c617a0389102509a8218114bfea3f924eed3231bc25165cb8ea92b2b25a9d9ff7fadc8dc7af7af7206cd65a11a4243c6f461ec591d886f833447717a50e09d9fa9601caf449e742ae1a6b86576c16da5eb8e163d02dee999461b44c1bec7512a04f2e40ab959afa2a8700d2bcd2c5a417c8ff9893e33e92feb72beaa76ce967c8721ea39b7fac7b9507a331c659e6a71513db61a68f018b42716f4c9bf1ddc341d05d589bba74ca183bf4cc8f8b453f426d07ae970a6e575e548ce24909e860130712ff138d3c8a45fdb8dd65d3d616318d08bfd763e8f0883e4faa170a542af2e9dcfd177cc75527269e9aa6dc32350e3a10d1138077ce8f0b3affdb14c4e042c76dbb0dcb2a3affada7b6f438cb4092853c924629cf999b2234f0d94127362517d3eed55c29dc44738bed0fa4e338056d93be9fa131679605a42a2956840ca4337adaae0dce60d6b1b0a1f1eca6460a39d0f9b14e997e6ccb2e3554bf013d36fc7b1f7fe51f5dce7251ea194f316d0cecce42e2bfec1a22e1010fa70085c84519fe922f201214e90db6a6d987a0bee8063025cad29b86babf1106fd113b2cdb19d724c0bbd793173bca379b50003a9bf7fea96b323f7dd0cb058b9ae0e00f99c63637489946db222f3845f7971b881f50d3ec8dbadefd963f6e4\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(70459);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2018/07/14\");\n\n script_cve_id(\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5776\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5787\",\n \"CVE-2013-5789\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5801\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5809\",\n \"CVE-2013-5812\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5818\",\n \"CVE-2013-5819\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5824\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5831\",\n \"CVE-2013-5832\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5843\",\n \"CVE-2013-5848\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\"\n );\n script_bugtraq_id(\n 61310,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63115,\n 63118,\n 63120,\n 63121,\n 63124,\n 63126,\n 63128,\n 63129,\n 63133,\n 63134,\n 63135,\n 63137,\n 63139,\n 63141,\n 63143,\n 63146,\n 63147,\n 63148,\n 63149,\n 63150,\n 63151,\n 63152,\n 63153,\n 63154,\n 63155,\n 63156,\n 63157,\n 63158\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-10-15-1\");\n script_xref(name:\"IAVA\", value:\"2013-A-0191\");\n\n script_name(english:\"Mac OS X : Java for Mac OS X 10.6 Update 17\");\n script_summary(english:\"Checks version of the JavaVM framework\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host has a version of Java that is affected by multiple\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host has a version of Java for Mac OS X 10.6 that\nis missing Update 17, which updates the Java version to 1.6.0_65. It\nis, therefore, affected by multiple security vulnerabilities, the most\nserious of which may allow an untrusted Java applet to execute\narbitrary code with the privileges of the current user outside the\nJava sandbox.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-244/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-245/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-246/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-247/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-248/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5982\");\n # http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74a1d7ee\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/529239/30/0/threaded\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Java for Mac OS X 10.6 Update 17, which includes version\n13.9.8 of the JavaVM Framework.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:java_1.6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssh_func.inc\");\ninclude(\"macosx_func.inc\");\n\n\nif(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)\n enable_ssh_wrappers();\nelse disable_ssh_wrappers();\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.6([^0-9]|$)\", string:os))\n audit(AUDIT_OS_NOT, \"Mac OS X 10.6\");\n\n\nplist = \"/System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/version.plist\";\ncmd =\n 'plutil -convert xml1 -o - \\'' + plist + '\\' | ' +\n 'grep -A 1 CFBundleVersion | ' +\n 'tail -n 1 | ' +\n 'sed \\'s/.*string>\\\\(.*\\\\)<\\\\/string>.*/\\\\1/g\\'';\nversion = exec_cmd(cmd:cmd);\nif (!strlen(version)) exit(1, \"Failed to get the version of the JavaVM Framework.\");\n\nversion = chomp(version);\nif (!ereg(pattern:\"^[0-9]+\\.\", string:version)) exit(1, \"The JavaVM Framework version does not appear to be numeric (\"+version+\").\");\n\nfixed_version = \"13.9.8\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Framework : JavaVM' +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"JavaVM Framework\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:13:28", "description": "Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772,\nCVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787,\nCVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819,\nCVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825,\nCVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832,\nCVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848,\nCVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR15 release. All running\ninstances of IBM Java must be restarted for the update to take effect.", "edition": 25, "published": "2013-11-08T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1508)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm"], "id": "REDHAT-RHSA-2013-1508.NASL", "href": "https://www.tenable.com/plugins/nessus/70792", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1508. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70792);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4041\", \"CVE-2013-5372\", \"CVE-2013-5375\", \"CVE-2013-5457\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5776\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5789\", \"CVE-2013-5797\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(63082, 63089, 63095, 63098, 63101, 63103, 63106, 63110, 63115, 63118, 63120, 63121, 63124, 63126, 63128, 63129, 63133, 63134, 63135, 63137, 63139, 63141, 63142, 63143, 63146, 63147, 63148, 63149, 63150, 63151, 63152, 63153, 63154, 63155, 63156, 63157, 63158, 63224);\n script_xref(name:\"RHSA\", value:\"2013:1508\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1508)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM Java SE version 6 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772,\nCVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787,\nCVE-2013-5789, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819,\nCVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825,\nCVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832,\nCVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848,\nCVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR15 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5457\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1508\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-accessibility-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-demo-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-javacomm-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-jdbc-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-plugin-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-src-1.6.0.15.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-accessibility / java-1.6.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:13:50", "description": "Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Network Satellite Server 5.4, 5.5 and 5.6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite\nServer 5.4, 5.5 and 5.6. In a typical operating environment, these are\nof low security risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375,\nCVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776,\nCVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797,\nCVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804,\nCVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823,\nCVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nUsers of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised\nto upgrade to these updated packages, which contain the IBM Java SE 6\nSR15 release. For this update to take effect, Red Hat Network\nSatellite Server must be restarted ('/usr/sbin/rhn-satellite\nrestart'), as well as all running instances of IBM Java.", "edition": 27, "published": "2014-11-08T00:00:00", "title": "RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1793)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-11-08T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-1793.NASL", "href": "https://www.tenable.com/plugins/nessus/78984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1793. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78984);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4041\", \"CVE-2013-5372\", \"CVE-2013-5375\", \"CVE-2013-5457\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5776\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5789\", \"CVE-2013-5797\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_xref(name:\"RHSA\", value:\"2013:1793\");\n\n script_name(english:\"RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1793)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-ibm packages that fix several security issues are\nnow available for Red Hat Network Satellite Server 5.4, 5.5 and 5.6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThis update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite\nServer 5.4, 5.5 and 5.6. In a typical operating environment, these are\nof low security risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375,\nCVE-2013-5457, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776,\nCVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797,\nCVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804,\nCVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823,\nCVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nUsers of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised\nto upgrade to these updated packages, which contain the IBM Java SE 6\nSR15 release. For this update to take effect, Red Hat Network\nSatellite Server must be restarted ('/usr/sbin/rhn-satellite\nrestart'), as well as all running instances of IBM Java.\"\n );\n # http://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5457\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.6.0-ibm and / or java-1.6.0-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1793\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL5\", rpm:\"spacewalk-admin-\") || rpm_exists(release:\"RHEL6\", rpm:\"spacewalk-admin-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Satellite Server\");\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-ibm / java-1.6.0-ibm-devel\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:13:22", "description": "Updated java-1.7.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM Java SE version 7 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457,\nCVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776,\nCVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809,\nCVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831,\nCVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR6 release. All running\ninstances of IBM Java must be restarted for the update to take effect.", "edition": 25, "published": "2013-11-08T00:00:00", "title": "RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm"], "id": "REDHAT-RHSA-2013-1507.NASL", "href": "https://www.tenable.com/plugins/nessus/70791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1507. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70791);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4041\", \"CVE-2013-5372\", \"CVE-2013-5375\", \"CVE-2013-5456\", \"CVE-2013-5457\", \"CVE-2013-5458\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5776\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5788\", \"CVE-2013-5789\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63124, 63126, 63128, 63129, 63131, 63133, 63134, 63135, 63137, 63139, 63141, 63142, 63143, 63145, 63146, 63147, 63148, 63149, 63150, 63151, 63152, 63153, 63154, 63155, 63156, 63157, 63158, 63224);\n script_xref(name:\"RHSA\", value:\"2013:1507\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM Java SE version 7 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457,\nCVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776,\nCVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809,\nCVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831,\nCVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR6 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5458\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1507\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-demo-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-devel-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-jdbc-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-plugin-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-ibm-src-1.7.0.6.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-ibm / java-1.7.0-ibm-demo / java-1.7.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:39:12", "description": "IBM Java 6 SR15 has been released and fixes lots of bugs and security\nissues.\n\nMore information can be found on:\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 17, "published": "2013-11-19T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa"], "id": "SUSE_11_JAVA-1_6_0-IBM-131114.NASL", "href": "https://www.tenable.com/plugins/nessus/70960", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70960);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4041\", \"CVE-2013-5372\", \"CVE-2013-5375\", \"CVE-2013-5456\", \"CVE-2013-5457\", \"CVE-2013-5458\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5776\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5788\", \"CVE-2013-5789\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 6 SR15 has been released and fixes lots of bugs and security\nissues.\n\nMore information can be found on:\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5375.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5787.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5788.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5801.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5812.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5818.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5819.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5824.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5831.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5832.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8549 / 8550 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-fonts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_6_0-ibm-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"java-1_6_0-ibm-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:39:47", "description": "IBM Java 7 SR6 has been released and fixes lots of bugs and security\nissues.\n\nMore information can be found on:\nhttp://www.ibm.com/developerworks/java/jdk/alerts/", "edition": 17, "published": "2013-11-21T00:00:00", "title": "SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-alsa", "p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_JAVA-1_7_0-IBM-131119.NASL", "href": "https://www.tenable.com/plugins/nessus/71020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71020);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4041\", \"CVE-2013-5372\", \"CVE-2013-5375\", \"CVE-2013-5456\", \"CVE-2013-5457\", \"CVE-2013-5458\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5776\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5788\", \"CVE-2013-5789\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n\n script_name(english:\"SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 7 SR6 has been released and fixes lots of bugs and security\nissues.\n\nMore information can be found on:\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=849212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4041.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5372.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5375.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5458.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5787.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5788.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5801.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5812.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5818.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5819.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5824.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5831.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5832.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 8565 / 8566 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_7_0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_7_0-ibm-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"java-1_7_0-ibm-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:13:05", "description": "Updated java-1.7.0-oracle packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774,\nCVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778,\nCVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784,\nCVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790,\nCVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810,\nCVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831,\nCVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848,\nCVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852,\nCVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.", "edition": 21, "published": "2013-10-18T00:00:00", "title": "RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5846", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5854", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5775", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5844", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin"], "id": "REDHAT-RHSA-2013-1440.NASL", "href": "https://www.tenable.com/plugins/nessus/70488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1440. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70488);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5775\", \"CVE-2013-5776\", \"CVE-2013-5777\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5787\", \"CVE-2013-5788\", \"CVE-2013-5789\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5801\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5810\", \"CVE-2013-5812\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5818\", \"CVE-2013-5819\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5824\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5831\", \"CVE-2013-5832\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5843\", \"CVE-2013-5844\", \"CVE-2013-5846\", \"CVE-2013-5848\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\", \"CVE-2013-5852\", \"CVE-2013-5854\");\n script_bugtraq_id(61310, 63079, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63124, 63126, 63127, 63128, 63129, 63131, 63132, 63133, 63134, 63135, 63136, 63137, 63139, 63140, 63141, 63142, 63143, 63144, 63145, 63146, 63147, 63148, 63149, 63150, 63151, 63152, 63153, 63154, 63155, 63156, 63157, 63158);\n script_xref(name:\"RHSA\", value:\"2013:1440\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-oracle packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE\nCritical Patch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774,\nCVE-2013-5775, CVE-2013-5776, CVE-2013-5777, CVE-2013-5778,\nCVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784,\nCVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790,\nCVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810,\nCVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831,\nCVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848,\nCVE-2013-5849, CVE-2013-5850, CVE-2013-5851, CVE-2013-5852,\nCVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these\nissues. All running instances of Oracle Java must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5775.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5777.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5787.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5788.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5801.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5810.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5812.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5818.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5819.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5824.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5831.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5832.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5843.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5844.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5846.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5848.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5852.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5854.html\"\n );\n # http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac29c174\"\n );\n # http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c8fe88a\"\n );\n # http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f6e7bee\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1440.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.1.el5_10\")) flag++;\n\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.45-1jpp.2.el6_4\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T04:57:03", "description": "The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 45, 6 Update 65,\nor 5 Update 55. It is, therefore, potentially affected by security\nissues in the following components :\n\n - 2D\n - AWT\n - BEANS\n - CORBA\n - Deployment\n - JAX-WS\n - JAXP\n - JGSS\n - jhat\n - JNDI\n - JavaFX\n - Javadoc\n - Libraries\n - SCRIPTING\n - Security\n - Swing", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2013-10-17T00:00:00", "title": "Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5846", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5854", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5775", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5844", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:oracle:jre", "cpe:/a:oracle:jdk"], "id": "ORACLE_JAVA_CPU_OCT_2013.NASL", "href": "https://www.tenable.com/plugins/nessus/70472", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70472);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-3829\",\n \"CVE-2013-4002\",\n \"CVE-2013-5772\",\n \"CVE-2013-5774\",\n \"CVE-2013-5775\",\n \"CVE-2013-5776\",\n \"CVE-2013-5777\",\n \"CVE-2013-5778\",\n \"CVE-2013-5780\",\n \"CVE-2013-5782\",\n \"CVE-2013-5783\",\n \"CVE-2013-5784\",\n \"CVE-2013-5787\",\n \"CVE-2013-5788\",\n \"CVE-2013-5789\",\n \"CVE-2013-5790\",\n \"CVE-2013-5797\",\n \"CVE-2013-5800\",\n \"CVE-2013-5801\",\n \"CVE-2013-5802\",\n \"CVE-2013-5803\",\n \"CVE-2013-5804\",\n \"CVE-2013-5805\",\n \"CVE-2013-5806\",\n \"CVE-2013-5809\",\n \"CVE-2013-5810\",\n \"CVE-2013-5812\",\n \"CVE-2013-5814\",\n \"CVE-2013-5817\",\n \"CVE-2013-5818\",\n \"CVE-2013-5819\",\n \"CVE-2013-5820\",\n \"CVE-2013-5823\",\n \"CVE-2013-5824\",\n \"CVE-2013-5825\",\n \"CVE-2013-5829\",\n \"CVE-2013-5830\",\n \"CVE-2013-5831\",\n \"CVE-2013-5832\",\n \"CVE-2013-5838\",\n \"CVE-2013-5840\",\n \"CVE-2013-5842\",\n \"CVE-2013-5843\",\n \"CVE-2013-5844\",\n \"CVE-2013-5846\",\n \"CVE-2013-5848\",\n \"CVE-2013-5849\",\n \"CVE-2013-5850\",\n \"CVE-2013-5851\",\n \"CVE-2013-5852\",\n \"CVE-2013-5854\"\n );\n script_bugtraq_id(\n 58507,\n 59141,\n 59153,\n 59165,\n 59167,\n 59170,\n 59184,\n 59187,\n 59194,\n 59206,\n 59212,\n 59213,\n 59219,\n 59228,\n 59243,\n 60617,\n 60618,\n 60619,\n 60620,\n 60621,\n 60622,\n 60623,\n 60624,\n 60625,\n 60626,\n 60627,\n 60629,\n 60630,\n 60631,\n 60632,\n 60633,\n 60634,\n 60635,\n 60637,\n 60638,\n 60639,\n 60640,\n 60641,\n 60643,\n 60644,\n 60645,\n 60646,\n 60647,\n 60649,\n 60650,\n 60651,\n 60652,\n 60653,\n 60654,\n 60655,\n 60656,\n 60657,\n 60658,\n 60659,\n 61310,\n 63079,\n 63082,\n 63089,\n 63095,\n 63098,\n 63101,\n 63102,\n 63103,\n 63106,\n 63110,\n 63111,\n 63112,\n 63115,\n 63118,\n 63120,\n 63121,\n 63122,\n 63124,\n 63126,\n 63127,\n 63128,\n 63129,\n 63130,\n 63131,\n 63132,\n 63133,\n 63134,\n 63135,\n 63136,\n 63137,\n 63139,\n 63140,\n 63141,\n 63142,\n 63143,\n 63144,\n 63145,\n 63146,\n 63147,\n 63148,\n 63149,\n 63150,\n 63151,\n 63152,\n 63153,\n 63154,\n 63155,\n 63156,\n 63157,\n 63158\n );\n\n script_name(english:\"Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)\");\n script_summary(english:\"Checks version of the JRE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a programming platform that is\npotentially affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle (formerly Sun) Java SE or Java for Business\ninstalled on the remote host is earlier than 7 Update 45, 6 Update 65,\nor 5 Update 55. It is, therefore, potentially affected by security\nissues in the following components :\n\n - 2D\n - AWT\n - BEANS\n - CORBA\n - Deployment\n - JAX-WS\n - JAXP\n - JGSS\n - jhat\n - JNDI\n - JavaFX\n - Javadoc\n - Libraries\n - SCRIPTING\n - Security\n - Swing\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-244/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-245/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-246/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-247/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-248/\");\n # https://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixJAVA\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?94fd7b37\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/java/eol-135779.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to JDK / JRE 7 Update 45, 6 Update 65, or 5 Update 55 or later\nand, if necessary, remove any affected versions.\n\nNote that an Extended Support contract with Oracle is needed to obtain\nJDK / JRE 5 Update 55 or later or 6 Update 65 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jre\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:jdk\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"sun_java_jre_installed.nasl\");\n script_require_keys(\"SMB/Java/JRE/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# Check each installed JRE.\ninstalls = get_kb_list_or_exit(\"SMB/Java/JRE/*\");\n\ninfo = \"\";\nvuln = 0;\ninstalled_versions = \"\";\n\nforeach install (list_uniq(keys(installs)))\n{\n ver = install - \"SMB/Java/JRE/\";\n if (ver !~ \"^[0-9.]+\") continue;\n\n installed_versions = installed_versions + \" & \" + ver;\n\n if (\n ver =~ '^1\\\\.5\\\\.0_([0-9]|[0-4][0-9]|5[0-4])([^0-9]|$)' ||\n ver =~ '^1\\\\.6\\\\.0_([0-9]|[0-5][0-9]|6[0-4])([^0-9]|$)' ||\n ver =~ '^1\\\\.7\\\\.0_([0-9]|[0-3][0-9]|4[0-4])([^0-9]|$)'\n )\n {\n dirs = make_list(get_kb_list(install));\n vuln += max_index(dirs);\n\n foreach dir (dirs)\n info += '\\n Path : ' + dir;\n\n info += '\\n Installed version : ' + ver;\n info += '\\n Fixed version : 1.5.0_55 / 1.6.0_65 / 1.7.0_45\\n';\n }\n}\n\n# Report if any were found to be vulnerable.\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Java are\";\n else s = \" of Java is\";\n\n report =\n '\\n' +\n 'The following vulnerable instance'+s+' installed on the\\n' +\n 'remote host :\\n' +\n info;\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse\n{\n installed_versions = substr(installed_versions, 3);\n if (\" & \" >< installed_versions)\n exit(0, \"The Java \"+installed_versions+\" installs on the remote host are not affected.\");\n else\n audit(AUDIT_INST_VER_NOT_VULN, \"Java\", installed_versions);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5457", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4, 5.5 and 5.6. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,\nCVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804,\nCVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825,\nCVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840,\nCVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nUsers of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised to\nupgrade to these updated packages, which contain the IBM Java SE 6 SR15\nrelease. For this update to take effect, Red Hat Network Satellite Server\nmust be restarted (\"/usr/sbin/rhn-satellite restart\"), as well as all\nrunning instances of IBM Java.\n", "modified": "2018-06-07T09:02:28", "published": "2013-12-05T05:00:00", "id": "RHSA-2013:1793", "href": "https://access.redhat.com/errata/RHSA-2013:1793", "type": "redhat", "title": "(RHSA-2013:1793) Low: Red Hat Network Satellite server IBM Java Runtime security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:43", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5457", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774,\nCVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843,\nCVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR15 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:27", "published": "2013-11-07T05:00:00", "id": "RHSA-2013:1508", "href": "https://access.redhat.com/errata/RHSA-2013:1508", "type": "redhat", "title": "(RHSA-2013:1508) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5456", "CVE-2013-5457", "CVE-2013-5458", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788,\nCVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR6 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:36", "published": "2013-11-07T05:00:00", "id": "RHSA-2013:1507", "href": "https://access.redhat.com/errata/RHSA-2013:1507", "type": "redhat", "title": "(RHSA-2013:1507) Critical: java-1.7.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5775", "CVE-2013-5776", "CVE-2013-5777", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5810", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5844", "CVE-2013-5846", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-5852", "CVE-2013-5854"], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775,\nCVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782,\nCVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849,\nCVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "modified": "2018-06-07T09:04:29", "published": "2013-10-17T04:00:00", "id": "RHSA-2013:1440", "href": "https://access.redhat.com/errata/RHSA-2013:1440", "type": "redhat", "title": "(RHSA-2013:1440) Critical: java-1.7.0-oracle security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:05", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2437", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743", "CVE-2013-3829", "CVE-2013-4002", "CVE-2013-4578", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5852", "CVE-2013-5878", "CVE-2013-5884", "CVE-2013-5887", "CVE-2013-5888", "CVE-2013-5889", "CVE-2013-5896", "CVE-2013-5898", "CVE-2013-5899", "CVE-2013-5902", "CVE-2013-5905", "CVE-2013-5906", "CVE-2013-5907", "CVE-2013-5910", "CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0375", "CVE-2014-0376", "CVE-2014-0387", "CVE-2014-0403", "CVE-2014-0410", "CVE-2014-0411", "CVE-2014-0415", "CVE-2014-0416", "CVE-2014-0417", "CVE-2014-0418", "CVE-2014-0422", "CVE-2014-0423", "CVE-2014-0424", "CVE-2014-0428", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2403", "CVE-2014-2409", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428"], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory pages, listed in the References section.\n(CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437,\nCVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446,\nCVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452,\nCVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457,\nCVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803,\nCVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832,\nCVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849,\nCVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887,\nCVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899,\nCVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910,\nCVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375,\nCVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411,\nCVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422,\nCVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446,\nCVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456,\nCVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876,\nCVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412,\nCVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427,\nCVE-2014-2428)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 75 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "modified": "2018-06-07T18:20:34", "published": "2014-04-17T15:19:24", "id": "RHSA-2014:0414", "href": "https://access.redhat.com/errata/RHSA-2014:0414", "type": "redhat", "title": "(RHSA-2014:0414) Important: java-1.6.0-sun security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:56:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "IBM Java 5 SR16-FP4 has been released which fixes lots of\n bugs and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "modified": "2013-11-15T00:04:35", "published": "2013-11-15T00:04:35", "id": "SUSE-SU-2013:1677-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "type": "suse", "title": "Security update for IBM Java 5 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "IBM Java 7 SR6 has been released and fixes lots of bugs and\n security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "modified": "2013-11-22T08:04:19", "published": "2013-11-22T08:04:19", "id": "SUSE-SU-2013:1677-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00022.html", "type": "suse", "title": "Security update for IBM Java 7 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:21", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "IBM Java 6 SR15 has been released which fixes lots of bugs\n and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "modified": "2013-11-19T00:04:12", "published": "2013-11-19T00:04:12", "id": "SUSE-SU-2013:1677-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00018.html", "title": "Security update for Java 6 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "aix": [{"lastseen": "2019-05-29T19:19:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Dec 11 10:53:34 CST 2013\n| Updated: Mon Feb 3 10:36:58 CST 2014\n| Updated: Sections II and III modifications\n| Updated: Includes VIOS\n\nThe most recent version of this document is available here:\n\nhttps://aix.software.ibm.com/aix/efixes/security/java_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_advisory.asc\n\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Multiple vulnerabilities in current releases of the IBM\u00ae SDK,\n\t\t\t\t Java Technology Edition.\n\nPLATFORMS: PowerSC and AIX 5.3, 6.1 and 7.1.\n| VIOS 2.2.x\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: Varies threats described below.\n\nCERT VU Number: n/a\nCVE Numbers: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 \n CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 \n CVE-2013-5830 CVE-2013-5829 CVE-2013-5787 CVE-2013-5788 \n CVE-2013-5824 CVE-2013-5842 CVE-2013-5782 CVE-2013-5817 \n CVE-2013-5809 CVE-2013-5814 CVE-2013-5832 CVE-2013-5850 \n CVE-2013-5838 CVE-2013-5802 CVE-2013-5812 CVE-2013-5804 \n CVE-2013-5783 CVE-2013-3829 CVE-2013-5823 CVE-2013-5831 \n CVE-2013-5820 CVE-2013-5819 CVE-2013-5818 CVE-2013-5848 \n CVE-2013-5776 CVE-2013-5774 CVE-2013-5825 CVE-2013-5840 \n CVE-2013-5801 CVE-2013-5778 CVE-2013-5851 CVE-2013-5800 \n CVE-2013-5784 CVE-2013-5849 CVE-2013-5790 CVE-2013-5780 \n CVE-2013-5797 CVE-2013-5803 CVE-2013-5772 \n\n|Reboot required? NO\n|Workarounds? NO\n \n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION\n\n There are a number of vulnerabilities in the IBM SDK, Java Technology\n Edition that affect various components. CVE-2013-5456, CVE-2013-5457 and\n CVE-2013-5458 allow code running under a security manager to escalate its\n privileges by modifying or removing the security manager. CVE-2013-4041 \n and CVE-2013-5375 allow code running under a security manager to access \n restricted classes. These vulnerabilities could occur when untrusted code \n is executed under a security manager, or when the IBM SDK, Java Technology\n Edition has been associated with a web browser for running applets and Web\n Start applications.\n\n CVE-2013-5372 is a denial of service vulnerability which could result in a \n complete availability impact on the affected system.\n\n This bulletin also covers all applicable CVEs published by Oracle as part \n of their October 2013 Java SE Critical Patch Update. For more information \n please refer to Oracle's October 2013 Java SE CPU Advisory. \n\nII. CVSS\n\n CVEID: CVE-2013-5456\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88255 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2013-5457\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88256 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2013-5458\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88257 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2013-4041\n CVSS Base Score: 6.8\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86416 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVEID: CVE-2013-5375\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86901 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n CVEID: CVE-2013-5372\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86662 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVEID: CVE-2013-5843\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87971 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5789\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87968 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5830\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87961 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5829\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87963 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5787\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87967 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5788\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87966 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5824\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87965 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5842\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87970 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5782\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87960 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5817\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87969 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5809\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87962 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5814\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87964 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5832\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87972 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5850\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87973 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5838\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87974 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5802\n CVSS Base Score: 7.5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87982 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)\n\n CVEID: CVE-2013-5812\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87985 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/P)\n\n CVEID: CVE-2013-5804\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87984 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)\n\n CVEID: CVE-2013-5783\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87987 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)\n\n CVEID: CVE-2013-3829\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87986 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)\n\n CVEID: CVE-2013-5823\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87989 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)\n\n CVEID: CVE-2013-5831\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87995 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5820\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87996 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5819\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87994 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5818\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87993 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5848\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88000 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5776\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87992 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5774\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87999 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5825\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87988 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)\n\n CVEID: CVE-2013-5840\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87998 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5801\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87991 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5778\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87990 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5851\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87997 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5800\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88002 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5784\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88005 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/N:I/P:A/N)\n \n CVEID: CVE-2013-5849\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88003 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5790\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88004 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5780\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5797\n CVSS Base Score: 3.5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88006 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/S:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5803\n CVSS Base Score: 2.6\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88008 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/N:A/P)\n\n CVEID: CVE-2013-5772\n CVSS Base Score: 2.6\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88007 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/P:A/N) \n\n| III. PLATFORM VULNERABILITY ASSESSMENT\n\n| To determine if your system is vulnerable, run the following commands for the Java version\n| on your system:\n\n| # lslpp -l | grep Java | grep sdk\n| # lslpp -l | grep Java | grep jre\n\n| The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:\n| For Java5: Less than 5.0.0.560\n| For Java6: Less than 6.0.0.435\n| For Java7: Less than 7.0.0.110\n\n| Java7 Release 1: 7.1.0.000 is NOT vulnerable\n\nIV. FIXES\n\n AFFECTED PRODUCTS AND VERSIONS:\n AIX 5.3\n AIX 6.1\n AIX 7.1\n PowerSC \n| VIOS 2.2.x\n\n REMEDIATION:\n IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 4 and later\n 32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j5b&S_TACT=105AGX05&S_CMP=JDK\n 64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j5b&S_TACT=105AGX05&S_CMP=JDK\n\n IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 and later\n 32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j6b&S_TACT=105AGX05&S_CMP=JDK\n 64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j6b&S_TACT=105AGX05&S_CMP=JDK\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 6 and later\n 32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j7b&S_TACT=105AGX05&S_CMP=JDK\n 64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j7b&S_TACT=105AGX05&S_CMP=JDK\n\n To learn more about AIX support levels and Java service releases, see the following:\n http://www.ibm.com/developerworks/java/jdk/aix/service.html#levels\n\nV. WORKAROUNDS\n\n None\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq \n\n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To request the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\nVII. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n CVE-2013-5456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456\n CVE-2013-5457: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457\n CVE-2013-5458: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458 \n CVE-2013-4041: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041 \n CVE-2013-5375: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375\n CVE-2013-5372: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372\n CVE-2013-5843: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843\n CVE-2013-5789: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789\n CVE-2013-5830: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830\n CVE-2013-5829: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829 \n CVE-2013-5787: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787\n CVE-2013-5788: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788\n CVE-2013-5824: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824\n CVE-2013-5842: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842\n CVE-2013-5782: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782\n CVE-2013-5817: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817\n CVE-2013-5809: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809\n CVE-2013-5814: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814\n CVE-2013-5832: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832\n CVE-2013-5850: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850\n CVE-2013-5838: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838\n CVE-2013-5802: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802\n CVE-2013-5812: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812\n CVE-2013-5804: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804\n CVE-2013-5783: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783\n CVE-2013-3829: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829\n CVE-2013-5823: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823\n CVE-2013-5831: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831\n CVE-2013-5820: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820\n CVE-2013-5819: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819\n CVE-2013-5818: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818\n CVE-2013-5848: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848\n CVE-2013-5776: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776\n CVE-2013-5774: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774\n CVE-2013-5825: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825\n CVE-2013-5840: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840\n CVE-2013-5801: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801\n CVE-2013-5778: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778\n CVE-2013-5851: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851\n CVE-2013-5800: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800\n CVE-2013-5784: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784\n CVE-2013-5849: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849\n CVE-2013-5790: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790\n CVE-2013-5780: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780\n CVE-2013-5797: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797\n CVE-2013-5803: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803\n CVE-2013-5772: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlLvxe4ACgkQ4fmd+Ci/qhIyJwCghirbKIbzL2db7Xa9FO8OqgQE\n6OsAni19Xm6ZmA0RHMjPG46p/4wk8p8D\n=rWHF\n-----END PGP SIGNATURE-----\n", "edition": 4, "modified": "2014-02-03T10:36:58", "published": "2013-12-11T10:53:34", "id": "JAVA_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/java_advisory.asc", "title": "Multiple Java vulnerabilities", "type": "aix", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T12:00:19", "bulletinFamily": "info", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5846", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5854", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5775", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5844", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "description": "### *Detect date*:\n10/16/2013\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Oracle products. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. These vulnerabilities can be exploited remotely via an unknwn vectors related to CORBA, JNDI, BEANS, AWT, JAX-WS, Security, JGSS, Javadoc, SCRIPTING, JavaFX, Swing, Libraries, jhat, Deployment, 2D, JAXP and other unknown vectors.\n\n### *Affected products*:\nOracle Java SE 7 versions 7.40 and earlier \nOracle Java SE 6 versions 6.60 and earlier \nOracle Java SE 5 versions 5.51 and earlier \nOracle JRockit R28 versions 28.2.8 and earlier \nOracle JRockit R27 versions 27.7.6 and earlier\n\n### *Solution*:\nUpdate to latest version! \n[Java SE download page](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Sun Java JRE](<https://threats.kaspersky.com/en/product/Sun-Java-JRE/>)\n\n### *CVE-IDS*:\n[CVE-2013-5787](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787>)10.0Critical \n[CVE-2013-5783](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783>)6.4High \n[CVE-2013-5800](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800>)4.3Warning \n[CVE-2013-5810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5810>)9.3Critical \n[CVE-2013-5803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803>)2.6Warning \n[CVE-2013-5838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838>)9.3Critical \n[CVE-2013-5852](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5852>)7.6Critical \n[CVE-2013-5790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790>)4.3Warning \n[CVE-2013-3829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829>)6.4High \n[CVE-2013-5854](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5854>)2.6Warning \n[CVE-2013-5848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848>)5.0Critical \n[CVE-2013-5806](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5806>)9.3Critical \n[CVE-2013-5829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829>)10.0Critical \n[CVE-2013-5849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849>)4.3Warning \n[CVE-2013-5797](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797>)3.5Warning \n[CVE-2013-4002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002>)7.1High \n[CVE-2013-5844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5844>)9.3Critical \n[CVE-2013-5784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784>)4.3Warning \n[CVE-2013-5846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5846>)9.3Critical \n[CVE-2013-5805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5805>)9.3Critical \n[CVE-2013-5804](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804>)6.4High \n[CVE-2013-5775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5775>)7.5Critical \n[CVE-2013-5825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825>)5.0Critical \n[CVE-2013-5843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843>)10.0Critical \n[CVE-2013-5812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812>)6.4High \n[CVE-2013-5842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842>)10.0Critical \n[CVE-2013-5778](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778>)5.0Critical \n[CVE-2013-5823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823>)5.0Critical \n[CVE-2013-5772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772>)2.6Warning \n[CVE-2013-5774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774>)5.0Critical \n[CVE-2013-5840](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840>)5.0Critical \n[CVE-2013-5789](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789>)10.0Critical \n[CVE-2013-5782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782>)10.0Critical \n[CVE-2013-5780](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780>)4.3Warning \n[CVE-2013-5809](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809>)10.0Critical \n[CVE-2013-5824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824>)10.0Critical \n[CVE-2013-5777](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5777>)9.3Critical \n[CVE-2013-5819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819>)5.0Critical \n[CVE-2013-5818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818>)5.0Critical \n[CVE-2013-5814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814>)10.0Critical \n[CVE-2013-5817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817>)10.0Critical \n[CVE-2013-5801](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801>)5.0Critical \n[CVE-2013-5776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776>)5.0Critical \n[CVE-2013-5832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832>)9.3Critical \n[CVE-2013-5831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831>)5.0Critical \n[CVE-2013-5830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830>)10.0Critical \n[CVE-2013-5788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788>)10.0Critical \n[CVE-2013-5820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820>)5.0Critical \n[CVE-2013-5802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802>)7.5Critical \n[CVE-2013-5851](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851>)5.0Critical \n[CVE-2013-5850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850>)9.3Critical", "edition": 43, "modified": "2020-05-22T00:00:00", "published": "2013-10-16T00:00:00", "id": "KLA10492", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10492", "title": "\r KLA10492Multiple vulnerabilities in Oracle products ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-3792", "CVE-2012-2750", "CVE-2013-5856", "CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5846", "CVE-2013-5818", "CVE-2013-3839", "CVE-2013-5779", "CVE-2013-5807", "CVE-2013-4002", "CVE-2013-3831", "CVE-2013-5850", "CVE-2013-3840", "CVE-2013-5778", "CVE-2013-3827", "CVE-2013-3833", "CVE-2013-5867", "CVE-2013-3828", "CVE-2013-3785", "CVE-2013-5862", "CVE-2013-5762", "CVE-2013-3766", "CVE-2013-2172", "CVE-2013-5776", "CVE-2013-5827", "CVE-2013-5788", "CVE-2013-5765", "CVE-2013-5773", "CVE-2013-3841", "CVE-2013-5842", "CVE-2013-2251", "CVE-2013-3836", "CVE-2013-5836", "CVE-2013-5810", "CVE-2013-3762", "CVE-2013-5830", "CVE-2013-5859", "CVE-2013-5832", "CVE-2013-5864", "CVE-2013-5841", "CVE-2013-5845", "CVE-2013-5813", "CVE-2013-3814", "CVE-2013-5763", "CVE-2013-5839", "CVE-2013-5784", "CVE-2013-5792", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-3838", "CVE-2013-5771", "CVE-2011-3389", "CVE-2013-5787", "CVE-2013-3835", "CVE-2013-5852", "CVE-2013-3834", "CVE-2013-5828", "CVE-2013-5854", "CVE-2013-5768", "CVE-2013-5806", "CVE-2013-0149", "CVE-2013-5805", "CVE-2013-5826", "CVE-2013-5857", "CVE-2013-5825", "CVE-2013-5811", "CVE-2013-5789", "CVE-2013-5822", "CVE-2013-5823", "CVE-2013-5837", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5769", "CVE-2013-5865", "CVE-2013-5780", "CVE-2013-3842", "CVE-2013-5761", "CVE-2013-5791", "CVE-2013-5816", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5847", "CVE-2013-5799", "CVE-2013-5814", "CVE-2013-5798", "CVE-2013-5766", "CVE-2013-5775", "CVE-2013-5863", "CVE-2013-5829", "CVE-2013-5786", "CVE-2013-5803", "CVE-2013-5844", "CVE-2013-5796", "CVE-2013-5861", "CVE-2013-5781", "CVE-2013-5835", "CVE-2013-3826", "CVE-2013-5819", "CVE-2013-5770", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5767", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-3832", "CVE-2013-5793", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-3837", "CVE-2013-5838", "CVE-2013-5794", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5866", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772", "CVE-2013-5815"], "description": "Quarterly update fixes over 130 vulnerabilities in different products.", "edition": 1, "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "SECURITYVULNS:VULN:13423", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13423", "title": "Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2019-05-29T18:21:13", "bulletinFamily": "software", "cvelist": ["CVE-2013-3792", "CVE-2012-2750", "CVE-2013-2248", "CVE-2013-5856", "CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5846", "CVE-2013-5818", "CVE-2013-3839", "CVE-2013-5779", "CVE-2013-5807", "CVE-2013-4002", "CVE-2013-3831", "CVE-2013-5850", "CVE-2013-3840", "CVE-2013-5778", "CVE-2013-3827", "CVE-2013-3833", "CVE-2013-5867", "CVE-2013-0169", "CVE-2013-3828", "CVE-2013-3785", "CVE-2013-5862", "CVE-2013-5762", "CVE-2013-3766", "CVE-2013-2172", "CVE-2013-5776", "CVE-2013-5827", "CVE-2013-5788", "CVE-2013-5765", "CVE-2013-5773", "CVE-2013-3841", "CVE-2013-5842", "CVE-2013-2251", "CVE-2013-3836", "CVE-2013-5836", "CVE-2013-5810", "CVE-2013-3762", "CVE-2013-5830", "CVE-2013-5859", "CVE-2013-5832", "CVE-2013-5864", "CVE-2013-5841", "CVE-2013-5845", "CVE-2013-5813", "CVE-2013-3814", "CVE-2013-5763", "CVE-2013-5839", "CVE-2013-5784", "CVE-2013-5792", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-3838", "CVE-2013-5771", "CVE-2011-3389", "CVE-2013-5787", "CVE-2013-3835", "CVE-2013-5852", "CVE-2013-3834", "CVE-2013-5828", "CVE-2013-5854", "CVE-2013-5768", "CVE-2013-5806", "CVE-2013-0149", "CVE-2013-5805", "CVE-2013-5826", "CVE-2013-5857", "CVE-2013-5825", "CVE-2013-5811", "CVE-2013-5789", "CVE-2013-5822", "CVE-2013-5823", "CVE-2013-5837", "CVE-2013-2461", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5769", "CVE-2013-5865", "CVE-2013-5780", "CVE-2013-3842", "CVE-2013-3624", "CVE-2013-5761", "CVE-2013-5791", "CVE-2013-5816", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5847", "CVE-2013-2134", "CVE-2013-5799", "CVE-2013-5814", "CVE-2013-5798", "CVE-2013-5766", "CVE-2013-5775", "CVE-2013-5863", "CVE-2013-2135", "CVE-2013-5829", "CVE-2013-5786", "CVE-2013-5803", "CVE-2013-5844", "CVE-2013-5796", "CVE-2013-5861", "CVE-2013-5781", "CVE-2013-5835", "CVE-2013-3826", "CVE-2013-5819", "CVE-2013-5770", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5767", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-3832", "CVE-2013-5793", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-3837", "CVE-2013-5838", "CVE-2013-5794", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5866", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772", "CVE-2013-5815"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** Starting Oct 2013, the Java SE Critical Patch Update will be released quarterly every year as per the main Oracle Critical Patch Update Schedule. This Critical Patch Update contains 127 new security fixes (including 51 Java fixes) across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "modified": "2015-02-24T00:00:00", "published": "2013-10-15T00:00:00", "id": "ORACLE:CPUOCT2013-1899837", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2013", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-2431", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-5889", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-5848", "CVE-2012-1711", "CVE-2013-1491", "CVE-2013-1571", "CVE-2013-5782", "CVE-2013-5846", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-0402", "CVE-2013-5818", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2416", "CVE-2013-2427", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1725", "CVE-2014-0385", "CVE-2013-2424", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-5778", "CVE-2013-2456", "CVE-2013-0448", "CVE-2014-0410", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-2462", "CVE-2013-0169", "CVE-2014-0415", "CVE-2013-2414", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2013-5870", "CVE-2013-2421", "CVE-2012-3159", "CVE-2013-1518", "CVE-2013-5776", "CVE-2012-5087", "CVE-2013-5788", "CVE-2013-5905", "CVE-2013-0809", "CVE-2013-5904", "CVE-2013-5888", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-5893", "CVE-2013-5842", "CVE-2014-0387", "CVE-2012-5085", "CVE-2012-5076", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-4416", "CVE-2013-5898", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-5832", "CVE-2012-3136", "CVE-2013-1488", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2014-0375", "CVE-2012-5081", "CVE-2012-5067", "CVE-2013-5817", "CVE-2012-0503", "CVE-2012-3174", "CVE-2011-5035", "CVE-2013-2419", "CVE-2012-1723", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-5787", "CVE-2013-5852", "CVE-2012-1726", "CVE-2014-0418", "CVE-2013-0351", "CVE-2013-2465", "CVE-2014-0373", "CVE-2013-1537", "CVE-2013-3743", "CVE-2013-5854", "CVE-2012-0498", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5887", "CVE-2012-0506", "CVE-2014-0408", "CVE-2013-5825", "CVE-2012-1717", "CVE-2012-1721", "CVE-2014-0376", "CVE-2013-2423", "CVE-2014-0422", "CVE-2013-5789", "CVE-2014-0411", "CVE-2013-2439", "CVE-2013-1561", "CVE-2013-5823", "CVE-2013-0409", "CVE-2013-5895", "CVE-2013-0438", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2013-2428", "CVE-2012-5083", "CVE-2013-5843", "CVE-2012-5088", "CVE-2013-5899", "CVE-2013-2429", "CVE-2013-5812", "CVE-2013-5849", "CVE-2012-5086", "CVE-2013-5896", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2012-5077", "CVE-2013-1486", "CVE-2014-0417", "CVE-2013-5780", "CVE-2013-5910", "CVE-2013-1487", "CVE-2013-5906", "CVE-2013-0430", "CVE-2013-0445", "CVE-2012-5069", "CVE-2014-0428", "CVE-2012-3216", "CVE-2014-0382", "CVE-2012-0505", "CVE-2013-5824", "CVE-2012-5084", "CVE-2013-5831", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2434", "CVE-2013-2464", "CVE-2013-2458", "CVE-2012-3213", "CVE-2013-2459", "CVE-2012-5071", "CVE-2013-5814", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-2432", "CVE-2012-1722", "CVE-2014-0368", "CVE-2013-2443", "CVE-2014-0423", "CVE-2013-1481", "CVE-2013-5775", "CVE-2013-2446", "CVE-2012-0547", "CVE-2013-5829", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-2438", "CVE-2013-1540", "CVE-2012-0500", "CVE-2013-2467", "CVE-2013-5907", "CVE-2013-1493", "CVE-2013-5902", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-3744", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-5844", "CVE-2013-0437", "CVE-2012-4681", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2012-0504", "CVE-2013-2426", "CVE-2014-0424", "CVE-2013-2455", "CVE-2013-5819", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-1484", "CVE-2013-1564", "CVE-2013-1558", "CVE-2013-5774", "CVE-2012-1724", "CVE-2013-0422", "CVE-2012-5068", "CVE-2014-0403", "CVE-2013-3829", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-0502", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-2425", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-1569", "CVE-2013-5838", "CVE-2013-2412", "CVE-2013-0449", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2013-5801", "CVE-2014-0416", "CVE-2013-2449", "CVE-2013-2466", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-0423", "CVE-2013-5772", "CVE-2013-0419"], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "edition": 1, "modified": "2014-01-27T00:00:00", "published": "2014-01-27T00:00:00", "id": "GLSA-201401-30", "href": "https://security.gentoo.org/glsa/201401-30", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}