Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10492
HistoryOct 16, 2013 - 12:00 a.m.

KLA10492 Multiple vulnerabilities in Oracle products

2013-10-1600:00:00
Kaspersky Lab
threats.kaspersky.com
222

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

5.3 Medium

AI Score

Confidence

High

0.143 Low

EPSS

Percentile

95.8%

JSON

Multiple vulnerabilities were found in Oracle products. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. These vulnerabilities can be exploited remotely via an unknwn vectors related to CORBA, JNDI, BEANS, AWT, JAX-WS, Security, JGSS, Javadoc, SCRIPTING, JavaFX, Swing, Libraries, jhat, Deployment, 2D, JAXP and other unknown vectors.

Original advisories

Oracle bulletin

Related products

Sun-Java-JRE

Sun-Java-JRE-1.6.x

Sun-Java-JDK-1.6.x

Oracle-Java-JRE-1.7.x

Oracle-Java-JDK-1.7.x

Oracle-JRockit

CVE list

CVE-2013-5787 critical

CVE-2013-5783 high

CVE-2013-5800 warning

CVE-2013-5810 critical

CVE-2013-5803 warning

CVE-2013-5838 critical

CVE-2013-5852 critical

CVE-2013-5790 warning

CVE-2013-3829 high

CVE-2013-5854 warning

CVE-2013-5848 critical

CVE-2013-5806 critical

CVE-2013-5829 critical

CVE-2013-5849 warning

CVE-2013-5797 warning

CVE-2013-4002 high

CVE-2013-5844 critical

CVE-2013-5784 warning

CVE-2013-5846 critical

CVE-2013-5805 critical

CVE-2013-5804 high

CVE-2013-5775 critical

CVE-2013-5825 critical

CVE-2013-5843 critical

CVE-2013-5812 high

CVE-2013-5842 critical

CVE-2013-5778 critical

CVE-2013-5823 critical

CVE-2013-5772 warning

CVE-2013-5774 critical

CVE-2013-5840 critical

CVE-2013-5789 critical

CVE-2013-5782 critical

CVE-2013-5780 warning

CVE-2013-5809 critical

CVE-2013-5824 critical

CVE-2013-5777 critical

CVE-2013-5819 critical

CVE-2013-5818 critical

CVE-2013-5814 critical

CVE-2013-5817 critical

CVE-2013-5801 critical

CVE-2013-5776 critical

CVE-2013-5832 critical

CVE-2013-5831 critical

CVE-2013-5830 critical

CVE-2013-5788 critical

CVE-2013-5820 critical

CVE-2013-5802 critical

CVE-2013-5851 critical

CVE-2013-5850 critical

Solution

Update to latest version!

Java SE download page

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • LoI

Loss of integrity. Exploitation of vulnerabilities with this impact can lead to partial system fault or system components connection disruption.

Affected Products

  • Oracle Java SE 7 versions 7.40 and earlierOracle Java SE 6 versions 6.60 and earlierOracle Java SE 5 versions 5.51 and earlierOracle JRockit R28 versions 28.2.8 and earlierOracle JRockit R27 versions 27.7.6 and earlier

Related

nessus 37
redhat 8
centos 3
openvas 30
oraclelinux 3
f5 5
mageia 2
amazon 2
suse 5
veracode 16
ubuntu 2
ibm 15
aix 1
cve 14
ubuntucve 13
cvelist 13
nvd 13
prion 14
securityvulns 1
threatpost 1
oracle 1
nessus
nessus
RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:1440)
2013-10-18 00:00:00
Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)
2013-10-17 00:00:00
Oracle Java SE Multiple Vulnerabilities (October 2013 CPU) (Unix)
2013-10-17 00:00:00
redhat
redhat
(RHSA-2013:1447) Important: java-1.7.0-openjdk security update
2013-10-21 00:00:00
(RHSA-2013:1440) Critical: java-1.7.0-oracle security update
2013-10-17 00:00:00
(RHSA-2013:1505) Important: java-1.6.0-openjdk security update
2013-11-05 00:00:00
centos
centos
java security update
2013-10-23 11:04:05
java security update
2013-10-22 07:41:01
java security update
2013-11-05 20:45:16
openvas
openvas
CentOS Update for java CESA-2013:1451 centos6
2013-10-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-235)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-246)
2015-09-08 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-10-21 00:00:00
java-1.7.0-openjdk security update
2013-10-22 00:00:00
java-1.6.0-openjdk security update
2013-11-05 00:00:00
f5
f5
Multiple Java vulnerabilities
2016-05-25 01:58:00
SOL61971428 - Multiple Java vulnerabilities
2016-05-23 00:00:00
K61971428 : Multiple Java vulnerabilities
2016-05-23 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
amazon
amazon
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
suse
suse
Security update for OpenJDK 7 (important)
2013-11-13 15:04:17
Security update for IBM Java 7 (important)
2013-11-22 08:04:19
Security update for Java 6 (important)
2013-11-19 00:04:12
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:34
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2022-09-25 23:09:27
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server October 2013 CPU
2022-09-25 23:09:27
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
2022-09-25 23:09:27
aix
aix
Multiple Java vulnerabilities
2013-12-11 10:53:34
cve
cve
CVE-2013-5787
2013-10-16 15:55:34
CVE-2013-5824
2013-10-16 17:55:05
CVE-2013-5832
2013-10-16 17:55:05
ubuntucve
ubuntucve
CVE-2013-5824
2013-10-16 00:00:00
CVE-2013-5832
2013-10-16 00:00:00
CVE-2013-5787
2013-10-16 00:00:00
cvelist
cvelist
CVE-2013-5832
2013-10-16 17:31:00
CVE-2013-5787
2013-10-16 15:00:00
CVE-2013-5789
2013-10-16 15:00:00
nvd
nvd
CVE-2013-5787
2013-10-16 15:55:34
CVE-2013-5824
2013-10-16 17:55:05
CVE-2013-5832
2013-10-16 17:55:05
prion
prion
Design/Logic Flaw
2013-10-16 15:55:00
Design/Logic Flaw
2013-10-16 15:55:00
Design/Logic Flaw
2013-10-16 17:55:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
threatpost
threatpost
October 2013 Oracle Java Critical Patch Update
2013-10-16 07:41:46
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

5.3 Medium

AI Score

Confidence

High

0.143 Low

EPSS

Percentile

95.8%

JSON
Related for KLA10492
nessus37redhat8centos3openvas30oraclelinux3f55mageia2amazon2suse5veracode16ubuntu2ibm15aix1cve14ubuntucve13cvelist13nvd13prion14securityvulns1threatpost1oracle1