ID CENTOS_RHSA-2013-0246.NASL Type nessus Reporter Tenable Modified 2018-11-10T00:00:00
Description
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)
Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)
A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)
The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)
Multiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)
It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.
(CVE-2013-0424)
It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.
(CVE-2013-0440)
It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.
Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0246 and
# CentOS Errata and Security Advisory 2013:0246 respectively.
#
if (NASL_LEVEL < 3000) exit(0);
include("compat.inc");
if (description)
{
script_id(64512);
script_version("1.10");
script_cvs_date("Date: 2018/11/10 11:49:30");
script_cve_id("CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480");
script_xref(name:"RHSA", value:"2013:0246");
script_name(english:"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated java-1.6.0-openjdk packages that fix several security issues
are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,
CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,
CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)
Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially crafted image
could cause Java Virtual Machine memory corruption and, possibly, lead
to arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)
A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)
The default Java security properties configuration did not restrict
access to certain com.sun.xml.internal packages. An untrusted Java
application or applet could use this flaw to access information,
bypassing certain Java sandbox restrictions. This update lists the
whole package as restricted. (CVE-2013-0435)
Multiple improper permission check issues were discovered in the
Libraries, Networking, and JAXP components. An untrusted Java
application or applet could use these flaws to bypass certain Java
sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)
It was discovered that the RMI component's CGIHandler class used user
inputs in error messages without any sanitization. An attacker could
use this flaw to perform a cross-site scripting (XSS) attack.
(CVE-2013-0424)
It was discovered that the SSL/TLS implementation in the JSSE
component did not properly enforce handshake message ordering,
allowing an unlimited number of handshake restarts. A remote attacker
could use this flaw to make an SSL/TLS server using JSSE consume an
excessive amount of CPU by continuously restarting the handshake.
(CVE-2013-0440)
It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this
flaw to perform a small subgroup attack. (CVE-2013-0443)
This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.
Refer to the NEWS file, linked to in the References, for further
information.
All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect."
);
# https://lists.centos.org/pipermail/centos-announce/2013-February/019231.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?7117ea7d"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected java-1.6.0-openjdk packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"patch_publication_date", value:"2013/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9")) flag++;
if (rpm_check(release:"CentOS-5", reference:"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "CENTOS_RHSA-2013-0246.NASL", "bulletinFamily": "scanner", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-02-10T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "reporter": "Tenable", "references": ["http://www.nessus.org/u?7117ea7d"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "type": "nessus", "lastseen": "2018-11-11T12:45:02", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 1, "enchantments": {}, "hash": "facc9f83a5de07b1f1eab0717a74749da5fb6f96ae7ba7a05c6717cec6276f21", "hashmap": [{"hash": "6055143de62d8035d6bbb729fac8151b", "key": "published"}, {"hash": "b7e0a5659cdab412fdc73bdfa8647220", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "affe97ebe84ceacc088aaa7f3d9f11f7", "key": "references"}, {"hash": "c197e92f11a466dd5695d2fb3a68755c", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "03708deed834a0b33bf863cd965c8644", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12074a9d65b3a532f84cfd903b9f3717", "key": "title"}, {"hash": "4b8afb39a41acf9a8eb8d67a50f02ac2", "key": "modified"}, {"hash": "942a66e5726350ad9baf67bc37a36da4", "key": "cvelist"}, {"hash": "924fb03b4a5e2fdef3b8808f61240e08", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "id": "CENTOS_RHSA-2013-0246.NASL", "lastseen": "2016-09-26T17:23:56", "modified": "2016-01-27T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "64512", "published": "2013-02-10T00:00:00", "references": ["http://www.nessus.org/u?9cfaa478"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:01 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_osvdb_id(89758, 89759, 89760, 89761, 89762, 89763, 89767, 89769, 89771, 89772, 89786, 89792, 89795, 89796, 89798, 89800, 89801, 89802, 89804, 89806);\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cfaa478\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "75608f50c74c441b46fafc0dd178fee63a0ec39ac5418a19bf1c2a2ffb43ed3b", "hashmap": [{"hash": "eefd1792a4d874239ea0fa11df2cfcf9", "key": "sourceData"}, {"hash": "6055143de62d8035d6bbb729fac8151b", "key": "published"}, {"hash": "b7e0a5659cdab412fdc73bdfa8647220", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e7c416bd6df41c000800c47459e9a752", "key": "cpe"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "affe97ebe84ceacc088aaa7f3d9f11f7", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "03708deed834a0b33bf863cd965c8644", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12074a9d65b3a532f84cfd903b9f3717", "key": "title"}, {"hash": "942a66e5726350ad9baf67bc37a36da4", "key": "cvelist"}, {"hash": "924fb03b4a5e2fdef3b8808f61240e08", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "id": "CENTOS_RHSA-2013-0246.NASL", "lastseen": "2018-08-30T19:35:25", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "64512", "published": "2013-02-10T00:00:00", "references": ["http://www.nessus.org/u?9cfaa478"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cfaa478\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:35:25"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 6, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "b9b5bd1bcefbdc4f5d0907e871928ac97dc19afeaabab448e6bc2af876ee94c4", "hashmap": [{"hash": "6055143de62d8035d6bbb729fac8151b", "key": "published"}, {"hash": "b7e0a5659cdab412fdc73bdfa8647220", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e7c416bd6df41c000800c47459e9a752", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "affe97ebe84ceacc088aaa7f3d9f11f7", "key": "references"}, {"hash": "9eb81d2b2fcb594b58bdd638364fe3e6", "key": "sourceData"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "03708deed834a0b33bf863cd965c8644", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12074a9d65b3a532f84cfd903b9f3717", "key": "title"}, {"hash": "942a66e5726350ad9baf67bc37a36da4", "key": "cvelist"}, {"hash": "924fb03b4a5e2fdef3b8808f61240e08", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "id": "CENTOS_RHSA-2013-0246.NASL", "lastseen": "2018-11-11T08:25:03", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "64512", "published": "2013-02-10T00:00:00", "references": ["http://www.nessus.org/u?9cfaa478"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7117ea7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "viewCount": 1}, "differentElements": ["references", "modified"], "edition": 6, "lastseen": "2018-11-11T08:25:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "75ac6990ad02b67a3c3a23bce27208684affed76377b296004f85d11075cd08e", "hashmap": [{"hash": "eefd1792a4d874239ea0fa11df2cfcf9", "key": "sourceData"}, {"hash": "6055143de62d8035d6bbb729fac8151b", "key": "published"}, {"hash": "b7e0a5659cdab412fdc73bdfa8647220", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e7c416bd6df41c000800c47459e9a752", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "affe97ebe84ceacc088aaa7f3d9f11f7", "key": "references"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "03708deed834a0b33bf863cd965c8644", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12074a9d65b3a532f84cfd903b9f3717", "key": "title"}, {"hash": "942a66e5726350ad9baf67bc37a36da4", "key": "cvelist"}, {"hash": "924fb03b4a5e2fdef3b8808f61240e08", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "id": "CENTOS_RHSA-2013-0246.NASL", "lastseen": "2018-07-03T09:40:17", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "64512", "published": "2013-02-10T00:00:00", "references": ["http://www.nessus.org/u?9cfaa478"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cfaa478\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-03T09:40:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "74eb5f84b080c68c9b096bdb24073de69ef384dd6aabc4e5758613db6aadbeb2", "hashmap": [{"hash": "6055143de62d8035d6bbb729fac8151b", "key": "published"}, {"hash": "b7e0a5659cdab412fdc73bdfa8647220", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e7c416bd6df41c000800c47459e9a752", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "affe97ebe84ceacc088aaa7f3d9f11f7", "key": "references"}, {"hash": "c197e92f11a466dd5695d2fb3a68755c", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "03708deed834a0b33bf863cd965c8644", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12074a9d65b3a532f84cfd903b9f3717", "key": "title"}, {"hash": "4b8afb39a41acf9a8eb8d67a50f02ac2", "key": "modified"}, {"hash": "942a66e5726350ad9baf67bc37a36da4", "key": "cvelist"}, {"hash": "924fb03b4a5e2fdef3b8808f61240e08", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "id": "CENTOS_RHSA-2013-0246.NASL", "lastseen": "2017-10-29T13:35:56", "modified": "2016-01-27T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "64512", "published": "2013-02-10T00:00:00", "references": ["http://www.nessus.org/u?9cfaa478"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:01 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_osvdb_id(89758, 89759, 89760, 89761, 89762, 89763, 89767, 89769, 89771, 89772, 89786, 89792, 89795, 89796, 89798, 89800, 89801, 89802, 89804, 89806);\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cfaa478\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:35:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "75ac6990ad02b67a3c3a23bce27208684affed76377b296004f85d11075cd08e", "hashmap": [{"hash": "eefd1792a4d874239ea0fa11df2cfcf9", "key": "sourceData"}, {"hash": "6055143de62d8035d6bbb729fac8151b", "key": "published"}, {"hash": "b7e0a5659cdab412fdc73bdfa8647220", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e7c416bd6df41c000800c47459e9a752", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "affe97ebe84ceacc088aaa7f3d9f11f7", "key": "references"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "03708deed834a0b33bf863cd965c8644", "key": "href"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "12074a9d65b3a532f84cfd903b9f3717", "key": "title"}, {"hash": "942a66e5726350ad9baf67bc37a36da4", "key": "cvelist"}, {"hash": "924fb03b4a5e2fdef3b8808f61240e08", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "id": "CENTOS_RHSA-2013-0246.NASL", "lastseen": "2018-09-01T23:39:45", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "64512", "published": "2013-02-10T00:00:00", "references": ["http://www.nessus.org/u?9cfaa478"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cfaa478\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "viewCount": 1}, "differentElements": ["sourceData"], "edition": 5, "lastseen": "2018-09-01T23:39:45"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e7c416bd6df41c000800c47459e9a752"}, {"key": "cvelist", "hash": "942a66e5726350ad9baf67bc37a36da4"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "924fb03b4a5e2fdef3b8808f61240e08"}, {"key": "href", "hash": "03708deed834a0b33bf863cd965c8644"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "b7e0a5659cdab412fdc73bdfa8647220"}, {"key": "published", "hash": "6055143de62d8035d6bbb729fac8151b"}, {"key": "references", "hash": "d6cb108b5727915cb9f4fcc599eabbbb"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "9eb81d2b2fcb594b58bdd638364fe3e6"}, {"key": "title", "hash": "12074a9d65b3a532f84cfd903b9f3717"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "5cc83697393d08a2331a81e621051eb90743bca14e8f6baf8302f9e46369867f", "viewCount": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7117ea7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "64512", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"]}
{"oraclelinux": [{"lastseen": "2018-08-31T01:46:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}], "description": "[1:1.6.0.0-1.54.1.11.6]\n- removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch\n- added patch8: 7201064.patch to be reverted\n- added patch9: 8005615.patch to fix the 6664509.patch\n- Resolves: rhbz#906707\n[1:1.6.0.0-1.53.1.11.6]\n- added patch8 revertTwoWrongSecurityPatches2013-02-06.patch\n to remove 6664509 and 7201064 from 1.11.6 tarball\n- Resolves: rhbz#906707\n[1:1.6.0.0-1.51.1.11.6]\n- Updated to icedtea6 1.11.6\n- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#906707", "edition": 3, "reporter": "Oracle", "published": "2013-02-08T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T00:00:00", "id": "ELSA-2013-0245", "href": "http://linux.oracle.com/errata/ELSA-2013-0245.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:31", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.33.1.11.6]\n- removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch\n- added patch9: 7201064.patch to be reverted\n- added patch10: 8005615.patch to fix the 6664509.patch\n- Resolves: rhbz#906705\n[1:1.6.0.0-1.32.1.11.6]\n- added patch9 revertTwoWrongSecurityPatches2013-02-06.patch\n to remove 6664509 and 7201064 from 1.11.6 tarball\n- Resolves: rhbz#906705\n[1:1.6.0.0-1.31.1.11.6]\n- Updated to icedtea6 1.11.6\n- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#906705", "edition": 3, "reporter": "Oracle", "published": "2013-02-08T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T00:00:00", "id": "ELSA-2013-0246", "href": "http://linux.oracle.com/errata/ELSA-2013-0246.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1.7.0.9-2.3.5.3.0.1.el6_3]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.5.3.el6_3]\n- Sync logging fixes with upstream (icedtea7-forest and jdk7u)\n[1.7.0.9-2.3.5.1.el6_3]\n- Removed 6664509 backout and added 8005615 to fix the issue\n[1.7.0.9-2.3.5.el6_3.1]\n- Backed out 6664509 and 7201064.patch which cause regressions\n[1.7.0.9-2.3.5.el6_3]\n- Bumped to 2.3.5\n- Changed BR to java7-devel >= 1:1.7.0 as required by CORBA changes in 2.3.5\n- Resolves: rhbz#906707", "edition": 3, "reporter": "Oracle", "published": "2013-02-08T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T00:00:00", "id": "ELSA-2013-0247", "href": "http://linux.oracle.com/errata/ELSA-2013-0247.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-13T16:46:06", "references": ["https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/security/cve/cve-2013-0425", "http://www.nessus.org/u?d4964317", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-1475", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-0441", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/errata/RHSA-2013:0246", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-0435", "https://access.redhat.com/security/cve/cve-2013-0429", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0443"], "pluginID": "64519", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-0246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64519);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4964317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0246\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T12:42:28", "references": ["http://www.nessus.org/u?bedc9ea4"], "pluginID": "64536", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-02-11T00:00:00", "title": "CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel"], "id": "CENTOS_RHSA-2013-0245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0245 and \n# CentOS Errata and Security Advisory 2013:0245 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64536);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0245\");\n\n script_name(english:\"CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bedc9ea4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:30", "references": ["http://www.nessus.org/u?2f402a5f"], "pluginID": "64521", "description": "Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie- Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2016-01-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130208_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64521", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64521);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:02 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie- Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=1768\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f402a5f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:25", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-February/003250.html"], "pluginID": "68727", "description": "From Red Hat Security Advisory 2013:0246 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-0246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# Oracle Linux Security Advisory ELSA-2013-0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68727);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0246 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:15", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-February/003249.html"], "pluginID": "68726", "description": "From Red Hat Security Advisory 2013:0245 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0245)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-0245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0245 and \n# Oracle Linux Security Advisory ELSA-2013-0245 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68726);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0245\");\n\n script_name(english:\"Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0245 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003249.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:56", "references": ["http://www.nessus.org/u?5c5d6651"], "pluginID": "64522", "description": "Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie- Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2016-01-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130208_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64522", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64522);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/01/27 16:45:02 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie- Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=1486\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c5d6651\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:52:08", "references": ["https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/security/cve/cve-2013-0425", "http://www.nessus.org/u?d4964317", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-1475", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-0441", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/errata/RHSA-2013:0245", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-0435", "https://access.redhat.com/security/cve/cve-2013-0429", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0443"], "pluginID": "64518", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-0245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0245. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64518);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0245\");\n\n script_name(english:\"RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4964317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0245\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:26", "references": ["http://support.novell.com/security/cve/CVE-2013-0441.html", "http://support.novell.com/security/cve/CVE-2013-0429.html", "http://support.novell.com/security/cve/CVE-2013-0450.html", "http://support.novell.com/security/cve/CVE-2013-1475.html", "http://support.novell.com/security/cve/CVE-2013-0424.html", "http://support.novell.com/security/cve/CVE-2013-0425.html", "http://support.novell.com/security/cve/CVE-2013-0427.html", "http://support.novell.com/security/cve/CVE-2013-1480.html", "http://support.novell.com/security/cve/CVE-2013-0442.html", "http://support.novell.com/security/cve/CVE-2013-0426.html", "http://support.novell.com/security/cve/CVE-2013-0443.html", "https://bugzilla.novell.com/show_bug.cgi?id=792951", "http://support.novell.com/security/cve/CVE-2013-0432.html", "https://bugzilla.novell.com/show_bug.cgi?id=801972", "http://support.novell.com/security/cve/CVE-2013-0434.html", "http://support.novell.com/security/cve/CVE-2013-0435.html", "http://support.novell.com/security/cve/CVE-2013-1476.html", "http://support.novell.com/security/cve/CVE-2013-0433.html", "https://bugzilla.novell.com/show_bug.cgi?id=494536", "http://support.novell.com/security/cve/CVE-2013-0428.html", "http://support.novell.com/security/cve/CVE-2013-1478.html", "http://support.novell.com/security/cve/CVE-2013-0440.html"], "pluginID": "64780", "description": "java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues :\n\nNew in release 1.12.2 (2012-02-03) :\n\n - Security fixes\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse management\n\n - S8000631, CVE-2013-1476: Restrict access to class constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7010849: 5/5 Extraneous javac source/target options when building sa-jdi\n\n - S8004341: Two JCK tests fails with 7u11 b06\n\n - S8005615: Java Logger fails to load tomcat logger implementation (JULI)\n\n - Bug fixes\n\n - PR1297: cacao and jamvm parallel unpack failures\n\n - PR1301: PR1171 causes builds of Zero to fail", "edition": 5, "reporter": "Tenable", "published": "2013-02-21T00:00:00", "title": "SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo"], "id": "SUSE_11_JAVA-1_6_0-OPENJDK-130212.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64780", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64780);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n\n script_name(english:\"SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing\nvarious security issues :\n\nNew in release 1.12.2 (2012-02-03) :\n\n - Security fixes\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of\n splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS\n Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization\n issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7010849: 5/5 Extraneous javac source/target options\n when building sa-jdi\n\n - S8004341: Two JCK tests fails with 7u11 b06\n\n - S8005615: Java Logger fails to load tomcat logger\n implementation (JULI)\n\n - Bug fixes\n\n - PR1297: cacao and jamvm parallel unpack failures\n\n - PR1301: PR1171 causes builds of Zero to fail\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=494536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=792951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=801972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0429.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0435.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1475.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7332.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T17:12:05", "references": ["https://lists.opensuse.org/opensuse-updates/2013-03/msg00003.html", "https://bugzilla.novell.com/show_bug.cgi?id=803379"], "pluginID": "74907", "description": "java-1_7_0-openjdk was updated to icedtea-2.3.6 (bnc#803379) containing various security and bugfixes :\n\n - Security fixes\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200493, CVE-2013-0444: Improve cache handling\n\n - S7200499: Better data validation for options\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class\n\n - S8000539, CVE-2013-0431: Introspect JMX data handling\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse management\n\n - S8000631, CVE-2013-1476: Restrict access to class constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7057320:\n test/java/util/concurrent/Executors/AutoShutdown.java failing intermittently\n\n - S7083664: TEST_BUG: test hard code of using c:/temp but this dir might not exist\n\n - S7107613: scalability blocker in javax.crypto.CryptoPermissions\n\n - S7107616: scalability blocker in javax.crypto.JceSecurityManager\n\n - S7146424: Wildcard expansion for single entry classpath\n\n - S7160609: [macosx] JDK crash in libjvm.dylib ( C [GeForceGLDriver+0x675a] gldAttachDrawable+0x941)\n\n - S7160951: [macosx] ActionListener called twice for JMenuItem using ScreenMenuBar\n\n - S7162488: VM not printing unknown -XX options\n\n - S7169395: Exception throws due to the changes in JDK 7 object tranversal and break backward compatibility\n\n - S7175616: Port fix for TimeZone from JDK 8 to JDK 7\n\n - S7176485: (bf) Allow temporary buffer cache to grow to IOV_MAX\n\n - S7179908: Fork hs23.3 hsx from hs22.2 for jdk7u7 and reinitialize build number\n\n - S7184326: TEST_BUG:\n java/awt/Frame/7024749/bug7024749.java has a typo\n\n - S7185245: Licensee source bundle tries to compile JFR\n\n - S7185471: Avoid key expansion when AES cipher is re-init w/ the same key\n\n - S7186371: [macosx] Main menu shortcuts not displayed (7u6 regression)\n\n - S7187834: [macosx] Usage of private API in macosx 2d implementation causes Apple Store rejection\n\n - S7188114: (launcher) need an alternate command line parser for Windows\n\n - S7189136: Fork hs23.5 hsx from hs23.4 for jdk7u9 and reinitialize build number\n\n - S7189350: Fix failed for CR 7162144\n\n - S7190550: REGRESSION: Some closed/com/oracle/jfr/api tests fail to compile because of fix 7185245\n\n - S7193219: JComboBox serialization fails in JDK 1.7\n\n - S7193977: REGRESSION:Java 7's JavaBeans persistence ignoring the 'transient' flag on properties\n\n - S7195106: REGRESSION : There is no way to get Icon inf, once Softreference is released\n\n - S7195301: XML Signature DOM implementation should not use instanceof to determine type of Node\n\n - S7195931: UnsatisfiedLinkError on PKCS11.C_GetOperationState while using NSS from jre7u6+\n\n - S7197071: Makefiles for various security providers aren't including the default manifest.\n\n - S7197652: Impossible to run any signed JNLP applications or applets, OCSP off by default\n\n - S7198146: Another new regression test does not compile on windows-amd64\n\n - S7198570: (tz) Support tzdata2012f\n\n - S7198640: new hotspot build - hs23.6-b04\n\n - S7199488: [TEST] runtime/7158800/InternTest.java failed due to false-positive on PID match.\n\n - S7199645: Increment build # of hs23.5 to b02\n\n - S7199669: Update tags in .hgtags file for CPU release rename\n\n - S7200720: crash in net.dll during NTLM authentication\n\n - S7200742: (se) Selector.select does not block when starting Coherence (sol11u1)\n\n - S7200762: [macosx] Stuck in sun.java2d.opengl.CGLGraphicsConfig.getMaxTextureSize(Na tive Method)\n\n - S8000285: Deadlock between PostEventQueue.noEvents, EventQueue.isDispatchThread and SwingUtilities.invokeLater\n\n - S8000286: [macosx] Views keep scrolling back to the drag position after DnD\n\n - S8000297: REGRESSION:\n closed/java/awt/EventQueue/PostEventOrderingTest.java fails\n\n - S8000307: Jre7cert: focusgained does not get called for all focus req when do alt + tab\n\n - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and reinitialize build number\n\n - S8001124: jdk7u ProblemList.txt updates (10/2012)\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001808: Create a test for 8000327\n\n - S8001876: Create regtest for 8000283\n\n - S8002068: Build broken: corba code changes unable to use new JDK 7 classes\n\n - S8002091: tools/launcher/ToolsOpts.java test started to fail since 7u11 b01 on Windows\n\n - S8002114: fix failed for JDK-7160951: [macosx] ActionListener called twice for JMenuItem using ScreenMenuBar\n\n - S8002225: (tz) Support tzdata2012i\n\n - S8003402: (dc) test/java/nio/channels/DatagramChannel/SendToUnresovled.\n java failing after 7u11 cleanup issues\n\n - S8003403: Test ShortRSAKeyWithinTLS and ClientJSSEServerJSSE failing after 7u11 cleanup\n\n - S8003948: NTLM/Negotiate authentication problem\n\n - S8004175: Restricted packages added in java.security are missing in java.security-{macosx, solaris, windows}\n\n - S8004302: javax/xml/soap/Test7013971.java fails since jdk6u39b01\n\n - S8004341: Two JCK tests fails with 7u11 b06\n\n - S8005615: Java Logger fails to load tomcat logger implementation (JULI)\n\n - Bug fixes\n\n - Fix build using Zero's HotSpot so all patches apply again.\n\n - PR1295: jamvm parallel unpack failure\n\n - removed icedtea-2.3.2-fix-extract-jamvm-dependency.patch\n\n - removed icedtea-2.3.3-refresh-6924259-string_offset.patch\n\n - few missing /openjdk/%{origin}/ changes", "edition": 6, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc", "p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-165.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-165.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74907);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:50:01\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0431\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0444\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n\n script_name(english:\"openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)\");\n script_summary(english:\"Check for the openSUSE-2013-165 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_7_0-openjdk was updated to icedtea-2.3.6 (bnc#803379)\ncontaining various security and bugfixes :\n\n - Security fixes\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of\n splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS\n Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200493, CVE-2013-0444: Improve cache handling\n\n - S7200499: Better data validation for options\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization\n issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n\n - S8000539, CVE-2013-0431: Introspect JMX data handling\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7057320:\n test/java/util/concurrent/Executors/AutoShutdown.java\n failing intermittently\n\n - S7083664: TEST_BUG: test hard code of using c:/temp but\n this dir might not exist\n\n - S7107613: scalability blocker in\n javax.crypto.CryptoPermissions\n\n - S7107616: scalability blocker in\n javax.crypto.JceSecurityManager\n\n - S7146424: Wildcard expansion for single entry classpath\n\n - S7160609: [macosx] JDK crash in libjvm.dylib ( C\n [GeForceGLDriver+0x675a] gldAttachDrawable+0x941)\n\n - S7160951: [macosx] ActionListener called twice for\n JMenuItem using ScreenMenuBar\n\n - S7162488: VM not printing unknown -XX options\n\n - S7169395: Exception throws due to the changes in JDK 7\n object tranversal and break backward compatibility\n\n - S7175616: Port fix for TimeZone from JDK 8 to JDK 7\n\n - S7176485: (bf) Allow temporary buffer cache to grow to\n IOV_MAX\n\n - S7179908: Fork hs23.3 hsx from hs22.2 for jdk7u7 and\n reinitialize build number\n\n - S7184326: TEST_BUG:\n java/awt/Frame/7024749/bug7024749.java has a typo\n\n - S7185245: Licensee source bundle tries to compile JFR\n\n - S7185471: Avoid key expansion when AES cipher is re-init\n w/ the same key\n\n - S7186371: [macosx] Main menu shortcuts not displayed\n (7u6 regression)\n\n - S7187834: [macosx] Usage of private API in macosx 2d\n implementation causes Apple Store rejection\n\n - S7188114: (launcher) need an alternate command line\n parser for Windows\n\n - S7189136: Fork hs23.5 hsx from hs23.4 for jdk7u9 and\n reinitialize build number\n\n - S7189350: Fix failed for CR 7162144\n\n - S7190550: REGRESSION: Some closed/com/oracle/jfr/api\n tests fail to compile because of fix 7185245\n\n - S7193219: JComboBox serialization fails in JDK 1.7\n\n - S7193977: REGRESSION:Java 7's JavaBeans persistence\n ignoring the 'transient' flag on properties\n\n - S7195106: REGRESSION : There is no way to get Icon inf,\n once Softreference is released\n\n - S7195301: XML Signature DOM implementation should not\n use instanceof to determine type of Node\n\n - S7195931: UnsatisfiedLinkError on\n PKCS11.C_GetOperationState while using NSS from jre7u6+\n\n - S7197071: Makefiles for various security providers\n aren't including the default manifest.\n\n - S7197652: Impossible to run any signed JNLP applications\n or applets, OCSP off by default\n\n - S7198146: Another new regression test does not compile\n on windows-amd64\n\n - S7198570: (tz) Support tzdata2012f\n\n - S7198640: new hotspot build - hs23.6-b04\n\n - S7199488: [TEST] runtime/7158800/InternTest.java failed\n due to false-positive on PID match.\n\n - S7199645: Increment build # of hs23.5 to b02\n\n - S7199669: Update tags in .hgtags file for CPU release\n rename\n\n - S7200720: crash in net.dll during NTLM authentication\n\n - S7200742: (se) Selector.select does not block when\n starting Coherence (sol11u1)\n\n - S7200762: [macosx] Stuck in\n sun.java2d.opengl.CGLGraphicsConfig.getMaxTextureSize(Na\n tive Method)\n\n - S8000285: Deadlock between PostEventQueue.noEvents,\n EventQueue.isDispatchThread and\n SwingUtilities.invokeLater\n\n - S8000286: [macosx] Views keep scrolling back to the drag\n position after DnD\n\n - S8000297: REGRESSION:\n closed/java/awt/EventQueue/PostEventOrderingTest.java\n fails\n\n - S8000307: Jre7cert: focusgained does not get called for\n all focus req when do alt + tab\n\n - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and\n reinitialize build number\n\n - S8001124: jdk7u ProblemList.txt updates (10/2012)\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001808: Create a test for 8000327\n\n - S8001876: Create regtest for 8000283\n\n - S8002068: Build broken: corba code changes unable to use\n new JDK 7 classes\n\n - S8002091: tools/launcher/ToolsOpts.java test started to\n fail since 7u11 b01 on Windows\n\n - S8002114: fix failed for JDK-7160951: [macosx]\n ActionListener called twice for JMenuItem using\n ScreenMenuBar\n\n - S8002225: (tz) Support tzdata2012i\n\n - S8003402: (dc)\n test/java/nio/channels/DatagramChannel/SendToUnresovled.\n java failing after 7u11 cleanup issues\n\n - S8003403: Test ShortRSAKeyWithinTLS and\n ClientJSSEServerJSSE failing after 7u11 cleanup\n\n - S8003948: NTLM/Negotiate authentication problem\n\n - S8004175: Restricted packages added in java.security are\n missing in java.security-{macosx, solaris, windows}\n\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n\n - S8004341: Two JCK tests fails with 7u11 b06\n\n - S8005615: Java Logger fails to load tomcat logger\n implementation (JULI)\n\n - Bug fixes\n\n - Fix build using Zero's HotSpot so all patches apply\n again.\n\n - PR1295: jamvm parallel unpack failure\n\n - removed icedtea-2.3.2-fix-extract-jamvm-dependency.patch\n\n - removed\n icedtea-2.3.3-refresh-6924259-string_offset.patch\n\n - few missing /openjdk/%{origin}/ changes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-03/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1_7_0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java Applet JMX Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-demo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:java-1_7_0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-debuginfo-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-debugsource-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-demo-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-devel-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-javadoc-1.7.0.6-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"java-1_7_0-openjdk-src-1.7.0.6-3.26.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_0-openjdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:05:15", "references": ["http://www.nessus.org/u?e15a1d25"], "pluginID": "64563", "description": "Multiple security issues were identified and fixed in OpenJDK (icedtea6) :\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse management\n\n - S8000631, CVE-2013-1476: Restrict access to class constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7010849: 5/5 Extraneous javac source/target options when building sa-jdi\n\nThe updated packages provides icedtea6-1.11.6 which is not vulnerable to these issues.", "edition": 6, "reporter": "Tenable", "published": "2013-02-12T00:00:00", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src", "p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel"], "id": "MANDRIVA_MDVSA-2013-010.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64563", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:010. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64563);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_bugtraq_id(57686, 57687, 57691, 57692, 57694, 57696, 57702, 57703, 57709, 57710, 57711, 57712, 57713, 57715, 57719, 57727, 57729, 57730);\n script_xref(name:\"MDVSA\", value:\"2013:010\");\n\n script_name(english:\"Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues were identified and fixed in OpenJDK\n(icedtea6) :\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of\n splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about\n creating reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n\n - S7201068, CVE-2013-0435: Better handling of UI\n elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7010849: 5/5 Extraneous javac source/target options\n when building sa-jdi\n\nThe updated packages provides icedtea6-1.11.6 which is not vulnerable\nto these issues.\"\n );\n # http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e15a1d25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-1.6.0.0-35.b24.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-35.b24.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-35.b24.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-35.b24.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:57:09", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "2013:0245"], "pluginID": "1361412562310881598", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "CentOS Update for java CESA-2013:0245 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0245 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n \n This errat ... \n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881598\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:23:28 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0245\");\n script_name(\"CentOS Update for java CESA-2013:0245 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:38", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "2013:0246"], "pluginID": "1361412562310881597", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "CentOS Update for java CESA-2013:0246 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881597", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0246 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881597\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:22:14 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0246\");\n script_name(\"CentOS Update for java CESA-2013:0246 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-24T11:09:21", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "2013:0245"], "pluginID": "881598", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "CentOS Update for java CESA-2013:0245 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881598", "id": "OPENVAS:881598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0245 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n \n This errat ... \n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\");\n script_id(881598);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:23:28 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0245\");\n script_name(\"CentOS Update for java CESA-2013:0245 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:51:33", "references": ["2013:0245-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html"], "pluginID": "870906", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870906", "id": "OPENVAS:870906", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issue ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html\");\n script_id(870906);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:18:16 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0245-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:15:43", "references": ["2013:0246-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html"], "pluginID": "1361412562310870905", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870905", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870905\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:17:05 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0246-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:14:47", "references": ["2013:0245-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html"], "pluginID": "1361412562310870906", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870906", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870906", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870906\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:18:16 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0245-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issue ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:14", "references": ["http://linux.oracle.com/errata/ELSA-2013-0246.html"], "pluginID": "1361412562310123727", "description": "Oracle Linux Local Security Checks ELSA-2013-0246", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0246", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123727", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0246.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123727\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0246\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0246 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0246\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0246.html\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1480\", \"CVE-2013-1478\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-1476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:41", "references": ["http://linux.oracle.com/errata/ELSA-2013-0245.html"], "pluginID": "1361412562310123729", "description": "Oracle Linux Local Security Checks ELSA-2013-0245", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0245", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0245.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123729\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:46 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0245\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0245 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0245\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0245.html\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-05T11:11:35", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "2013:0246"], "pluginID": "881597", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "CentOS Update for java CESA-2013:0246 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881597", "id": "OPENVAS:881597", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0246 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\");\n script_id(881597);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:22:14 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0246\");\n script_name(\"CentOS Update for java CESA-2013:0246 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:34", "references": ["2013:0246-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html"], "pluginID": "870905", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870905", "id": "OPENVAS:870905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html\");\n script_id(870905);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:17:05 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0246-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:15", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "arch": "i386", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0246) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:07:12", "id": "RHSA-2013:0246", "href": "https://access.redhat.com/errata/RHSA-2013:0246", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:52", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0245) Critical: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:33", "id": "RHSA-2013:0245", "href": "https://access.redhat.com/errata/RHSA-2013:0245", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428, CVE-2013-0444)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the JMX,\nLibraries, Networking, and JAXP components. An untrusted Java application\nor applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0247) Important: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:22", "id": "RHSA-2013:0247", "href": "https://access.redhat.com/errata/RHSA-2013:0247", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.0-1jpp.1.el5_9", "arch": "ppc", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm", "operator": "lt"}], "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432,\nCVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443,\nCVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running instances\nof IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2013:0624) Critical: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5085", "CVE-2013-0409", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0440", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:37", "id": "RHSA-2013:0624", "href": "https://access.redhat.com/errata/RHSA-2013:0624", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:59", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.39-1jpp.1.el6_3", "arch": "i686", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm", "operator": "lt"}], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,\nCVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432,\nCVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440,\nCVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446,\nCVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1480, CVE-2013-1481)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 39. All running instances of\nOracle Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-04T05:00:00", "type": "redhat", "title": "(RHSA-2013:0236) Critical: java-1.6.0-sun security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0430", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-1473", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:13", "id": "RHSA-2013:0236", "href": "https://access.redhat.com/errata/RHSA-2013:0236", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.13.0-1jpp.2.el5_9", "arch": "ppc", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm", "operator": "lt"}], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-1541, CVE-2012-3213,\nCVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1493)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR13 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2013:0625) Critical: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2012-5085", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:26", "id": "RHSA-2013:0625", "href": "https://access.redhat.com/errata/RHSA-2013:0625", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-07T05:58:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,\nCVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437,\nCVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,\nCVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449,\nCVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1479, CVE-2013-1480, CVE-2013-1489)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 13 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2013-02-04T05:00:00", "type": "redhat", "title": "(RHSA-2013:0237) Critical: java-1.7.0-oracle security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0430", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0448", "CVE-2013-0449", "CVE-2013-0450", "CVE-2013-1473", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1479", "CVE-2013-1480", "CVE-2013-1489"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:29", "id": "RHSA-2013:0237", "href": "https://access.redhat.com/errata/RHSA-2013:0237", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:03", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.4.0-1jpp.2.el5_9", "arch": "ppc", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm", "operator": "lt"}], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-1541, CVE-2012-3174,\nCVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419,\nCVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433,\nCVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,\nCVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473,\nCVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485,\nCVE-2013-1486, CVE-2013-1487, CVE-2013-1493)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR4 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2013:0626) Critical: java-1.7.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3174", "CVE-2012-3213", "CVE-2012-3342", "CVE-2012-5085", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0422", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0449", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:36", "id": "RHSA-2013:0626", "href": "https://access.redhat.com/errata/RHSA-2013:0626", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:26", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.14.0-1jpp.1.el5_9", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm", "operator": "lt"}], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.5. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.5 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "reporter": "RedHat", "published": "2013-10-23T04:00:00", "type": "redhat", "title": "(RHSA-2013:1456) Low: Red Hat Network Satellite server IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-0547", "CVE-2012-0551", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1682", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0351", "CVE-2013-0401", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1491", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1563", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2422", "CVE-2013-2424", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2435", "CVE-2013-2437", "CVE-2013-2440", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:02:29", "id": "RHSA-2013:1456", "href": "https://access.redhat.com/errata/RHSA-2013:1456", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:40:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.14.0-1jpp.1.el5_9", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm", "operator": "lt"}], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,\nCVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,\nCVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,\nCVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,\nCVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,\nCVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,\nCVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,\nCVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.4 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "reporter": "RedHat", "published": "2013-10-23T04:00:00", "type": "redhat", "title": "(RHSA-2013:1455) Low: Red Hat Network Satellite server IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-0802", "CVE-2011-0814", "CVE-2011-0862", "CVE-2011-0863", "CVE-2011-0865", "CVE-2011-0867", "CVE-2011-0868", "CVE-2011-0869", "CVE-2011-0871", "CVE-2011-0873", "CVE-2011-3389", "CVE-2011-3516", "CVE-2011-3521", "CVE-2011-3544", "CVE-2011-3545", "CVE-2011-3546", "CVE-2011-3547", "CVE-2011-3548", "CVE-2011-3549", "CVE-2011-3550", "CVE-2011-3551", "CVE-2011-3552", "CVE-2011-3553", "CVE-2011-3554", "CVE-2011-3556", "CVE-2011-3557", "CVE-2011-3560", "CVE-2011-3561", "CVE-2011-3563", "CVE-2011-5035", "CVE-2012-0497", "CVE-2012-0498", "CVE-2012-0499", "CVE-2012-0500", "CVE-2012-0501", "CVE-2012-0502", "CVE-2012-0503", "CVE-2012-0505", "CVE-2012-0506", "CVE-2012-0507", "CVE-2012-0547", "CVE-2012-0551", "CVE-2012-1531", "CVE-2012-1532", "CVE-2012-1533", "CVE-2012-1541", "CVE-2012-1682", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-1717", "CVE-2012-1718", "CVE-2012-1719", "CVE-2012-1721", "CVE-2012-1722", "CVE-2012-1725", "CVE-2012-3143", "CVE-2012-3159", "CVE-2012-3213", "CVE-2012-3216", "CVE-2012-3342", "CVE-2012-4820", "CVE-2012-4822", "CVE-2012-4823", "CVE-2012-5068", "CVE-2012-5069", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5073", "CVE-2012-5075", "CVE-2012-5079", "CVE-2012-5081", "CVE-2012-5083", "CVE-2012-5084", "CVE-2012-5089", "CVE-2013-0169", "CVE-2013-0351", "CVE-2013-0401", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1491", "CVE-2013-1493", "CVE-2013-1500", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1563", "CVE-2013-1569", "CVE-2013-1571", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2422", "CVE-2013-2424", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2435", "CVE-2013-2437", "CVE-2013-2440", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:02:28", "id": "RHSA-2013:1455", "href": "https://access.redhat.com/errata/RHSA-2013:1455", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:04", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0245.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0245\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0245.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-02-09T11:03:54", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-09T11:03:54", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "id": "CESA-2013:0245", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:41", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0246.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0246\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0246.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-02-08T22:39:51", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T22:39:51", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "id": "CESA-2013:0246", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:26", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0247.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm", "packageName": "java-1.7.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0247\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428, CVE-2013-0444)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the JMX,\nLibraries, Networking, and JAXP components. An untrusted Java application\nor applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019232.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019234.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0247.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-02-09T00:57:50", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-09T11:04:30", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019232.html", "id": "CESA-2013:0247", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:15:24", "references": ["https://bugzilla.novell.com/803379"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-javadoc-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-javadoc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-debugsource-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-src-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-src", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-javadoc-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-javadoc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-debuginfo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-src-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-src", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-debuginfo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-debugsource-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-demo-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo-debuginfo", "operator": "lt"}], "description": "java-1_7_0-openjdk was updated to icedtea-2.3.6\n (bnc#803379) containing various security and bugfixes:\n\n * Security fixes\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200493, CVE-2013-0444: Improve cache handling\n - S7200499: Better data validation for options\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000539, CVE-2013-0431: Introspect JMX data handling\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n - S8001242: Improve RMI HTTP conformance\n - S8001307: Modify ACC_SUPER behavior\n - S8001972, CVE-2013-1478: Improve image processing\n - S8002325, CVE-2013-1480: Improve management of images\n * Backports\n - S7057320:\n test/java/util/concurrent/Executors/AutoShutdown.java\n failing intermittently\n - S7083664: TEST_BUG: test hard code of using c:/temp but\n this dir might not exist\n - S7107613: scalability blocker in\n javax.crypto.CryptoPermissions\n - S7107616: scalability blocker in\n javax.crypto.JceSecurityManager\n - S7146424: Wildcard expansion for single entry classpath\n - S7160609: [macosx] JDK crash in libjvm.dylib ( C\n [GeForceGLDriver+0x675a] gldAttachDrawable+0x941)\n - S7160951: [macosx] ActionListener called twice for\n JMenuItem using ScreenMenuBar\n - S7162488: VM not printing unknown -XX options\n - S7169395: Exception throws due to the changes in JDK 7\n object tranversal and break backward compatibility\n - S7175616: Port fix for TimeZone from JDK 8 to JDK 7\n - S7176485: (bf) Allow temporary buffer cache to grow to\n IOV_MAX\n - S7179908: Fork hs23.3 hsx from hs22.2 for jdk7u7 and\n reinitialize build number\n - S7184326: TEST_BUG:\n java/awt/Frame/7024749/bug7024749.java has a typo\n - S7185245: Licensee source bundle tries to compile JFR\n - S7185471: Avoid key expansion when AES cipher is\n re-init w/ the same key\n - S7186371: [macosx] Main menu shortcuts not displayed\n (7u6 regression)\n - S7187834: [macosx] Usage of private API in macosx 2d\n implementation causes Apple Store rejection\n - S7188114: (launcher) need an alternate command line\n parser for Windows\n - S7189136: Fork hs23.5 hsx from hs23.4 for jdk7u9 and\n reinitialize build number\n - S7189350: Fix failed for CR 7162144\n - S7190550: REGRESSION: Some closed/com/oracle/jfr/api\n tests fail to compile becuse of fix 7185245\n - S7193219: JComboBox serialization fails in JDK 1.7\n - S7193977: REGRESSION:Java 7's JavaBeans persistence\n ignoring the "transient" flag on properties\n - S7195106: REGRESSION : There is no way to get Icon inf,\n once Softreference is released\n - S7195301: XML Signature DOM implementation should not\n use instanceof to determine type of Node\n - S7195931: UnsatisfiedLinkError on\n PKCS11.C_GetOperationState while using NSS from jre7u6+\n - S7197071: Makefiles for various security providers\n aren't including the default manifest.\n - S7197652: Impossible to run any signed JNLP\n applications or applets, OCSP off by default\n - S7198146: Another new regression test does not compile\n on windows-amd64\n - S7198570: (tz) Support tzdata2012f\n - S7198640: new hotspot build - hs23.6-b04\n - S7199488: [TEST] runtime/7158800/InternTest.java failed\n due to false-positive on PID match.\n - S7199645: Increment build # of hs23.5 to b02\n - S7199669: Update tags in .hgtags file for CPU release\n rename\n - S7200720: crash in net.dll during NTLM authentication\n - S7200742: (se) Selector.select does not block when\n starting Coherence (sol11u1)\n - S7200762: [macosx] Stuck in\n sun.java2d.opengl.CGLGraphicsConfig.getMaxTextureSize(Native\n Method)\n - S8000285: Deadlock between PostEventQueue.noEvents,\n EventQueue.isDispatchThread and\n SwingUtilities.invokeLater\n - S8000286: [macosx] Views keep scrolling back to the\n drag position after DnD\n - S8000297: REGRESSION:\n closed/java/awt/EventQueue/PostEventOrderingTest.java\n fails\n - S8000307: Jre7cert: focusgained does not get called for\n all focus req when do alt + tab\n - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and\n reinitialize build number\n - S8001124: jdk7u ProblemList.txt updates (10/2012)\n - S8001242: Improve RMI HTTP conformance\n - S8001808: Create a test for 8000327\n - S8001876: Create regtest for 8000283\n - S8002068: Build broken: corba code changes unable to\n use new JDK 7 classes\n - S8002091: tools/launcher/ToolsOpts.java test started to\n fail since 7u11 b01 on Windows\n - S8002114: fix failed for JDK-7160951: [macosx]\n ActionListener called twice for JMenuItem using\n ScreenMenuBar\n - S8002225: (tz) Support tzdata2012i\n - S8003402: (dc)\n test/java/nio/channels/DatagramChannel/SendToUnresovled.java\n failing after 7u11 cleanup issues\n - S8003403: Test ShortRSAKeyWithinTLS and\n ClientJSSEServerJSSE failing after 7u11 cleanup\n - S8003948: NTLM/Negotiate authentication problem\n - S8004175: Restricted packages added in java.security\n are missing in java.security-{macosx, solaris, windows}\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n - S8004341: Two JCK tests fails with 7u11 b06\n - S8005615: Java Logger fails to load tomcat logger\n implementation (JULI)\n * Bug fixes\n - Fix build using Zero's HotSpot so all patches apply\n again.\n - PR1295: jamvm parallel unpack failure\n * removed\n icedtea-2.3.2-fix-extract-jamvm-dependency.patch\n - removed\n icedtea-2.3.3-refresh-6924259-string_offset.patch\n\n - few missing /openjdk/%{origin}/ changes\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-01T17:05:38", "title": "java-1_7_0-openjdk: update to 2.3.6 (critical)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-03-01T17:05:38", "id": "OPENSUSE-SU-2013:0377-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:06", "references": ["https://bugzilla.novell.com/494536", "https://bugzilla.novell.com/792951", "http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e", "https://bugzilla.novell.com/801972"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1.i586.rpm", "packageName": "java-1_6_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1.i586.rpm", "packageName": "java-1_6_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-openjdk-demo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1.i586.rpm", "packageName": "java-1_6_0-openjdk-demo", "operator": "lt"}], "description": "java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,\n fixing various security issues:\n\n New in release 1.12.2 (2012-02-03):\n\n *\n\n Security fixes\n\n o S6563318, CVE-2013-0424: RMI data sanitization\n o S6664509, CVE-2013-0425: Add logging context o S6664528,\n CVE-2013-0426: Find log level matching its name or value\n given at construction time o S6776941: CVE-2013-0427:\n Improve thread pool shutdown o S7141694, CVE-2013-0429:\n Improving CORBA internals o S7173145: Improve in-memory\n representation of splashscreens o S7186945: Unpack200\n improvement o S7186946: Refine unpacker resource usage o\n S7186948: Improve Swing data validation o S7186952,\n CVE-2013-0432: Improve clipboard access o S7186954: Improve\n connection performance o S7186957: Improve Pack200 data\n validation o S7192392, CVE-2013-0443: Better validation of\n client keys o S7192393, CVE-2013-0440: Better Checking of\n order of TLS Messages o S7192977, CVE-2013-0442: Issue in\n toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect\n about creating reflective proxies o S7200491: Tighten up\n JTable layout code o S7200500: Launcher better input\n validation o S7201064: Better dialogue checking o S7201066,\n CVE-2013-0441: Change modifiers on unused fields o\n S7201068, CVE-2013-0435: Better handling of UI elements o\n S7201070: Serialization to conform to protocol o S7201071,\n CVE-2013-0433: InetSocketAddress serialization issue o\n S8000210: Improve JarFile code quality o S8000537,\n CVE-2013-0450: Contextualize RequiredModelMBean class o\n S8000540, CVE-2013-1475: Improve IIOP type reuse management\n o S8000631, CVE-2013-1476: Restrict access to class\n constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP\n handling o S8001242: Improve RMI HTTP conformance o\n S8001307: Modify ACC_SUPER behavior o S8001972,\n CVE-2013-1478: Improve image processing o S8002325,\n CVE-2013-1480: Improve management of images\n *\n\n Backports\n\n o S7010849: 5/5 Extraneous javac source/target\n options when building sa-jdi o S8004341: Two JCK tests\n fails with 7u11 b06 o S8005615: Java Logger fails to load\n tomcat logger implementation (JULI)\n *\n\n Bug fixes\n\n o PR1297: cacao and jamvm parallel unpack\n failures o PR1301: PR1171 causes builds of Zero to fail\n\n", "edition": 1, "reporter": "Suse", "published": "2013-02-20T16:04:20", "title": "Security update for Java 1.6.0 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-20T16:04:20", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00015.html", "id": "SUSE-SU-2013:0315-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:29:41", "references": ["http://download.novell.com/patch/finder/?keywords=fc8b17df6be0cc8370eff53d8c702e02", "http://download.novell.com/patch/finder/?keywords=7014ea77ffe5c5f4f2e593888baa766b", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-14T23:04:46", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-14T23:04:46", "id": "SUSE-SU-2013:0440-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:29", "references": ["http://download.novell.com/patch/finder/?keywords=ec9d22c393a1ca0adfb36328a12130ef", "http://download.novell.com/patch/finder/?keywords=93cb6121fadaf694135bd63c1f9156b6", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-13T18:04:30", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-13T18:04:30", "id": "SUSE-SU-2013:0440-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:51:43", "references": ["https://bugzilla.novell.com/603353", "https://bugzilla.novell.com/438695", "http://download.novell.com/patch/finder/?keywords=514bd0c17c6dce42bd680235a566a928", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.s390.rpm", "arch": "s390", "operator": "lt"}], "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-18T22:04:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for IBM Java2 JRE and SDK (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-18T22:04:28", "id": "SUSE-SU-2013:0478-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:01", "references": ["https://bugzilla.novell.com/801972"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.1 to fix\n bugs and security issues (bnc#801972)\n\n * Security fixes (on top of 1.12.0)\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n", "edition": 1, "reporter": "Suse", "published": "2013-02-19T15:04:26", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "java-1_6_0-openjdk to 1.12.1 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-19T15:04:26", "id": "OPENSUSE-SU-2013:0312-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:29", "references": ["https://bugzilla.novell.com/801972"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix\n bugs and security issues (bnc#801972)\n\n * Security fixes (on top of 1.12.0)\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n", "edition": 1, "reporter": "Suse", "published": "2013-02-19T11:04:35", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "java-1_6_0-openjdk to 1.12.2 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-19T11:04:35", "id": "OPENSUSE-SU-2013:0308-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:34", "references": ["http://download.novell.com/patch/finder/?keywords=f3e49a4d1f2884a3b859fbf98da12261", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-demo-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-demo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-src-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-src", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-src-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-src", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-64bit-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-64bit", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-demo-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "i586", "operator": "lt"}], "edition": 1, "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "reporter": "Suse", "published": "2013-03-15T20:04:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-15T20:04:28", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00030.html", "id": "SUSE-SU-2013:0440-4", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:41", "references": ["http://download.novell.com/patch/finder/?keywords=40a91b33dc9e5067426d661e5a9a76db", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "x86_64", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.x86_64.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390x", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.s390x.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390x", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.s390x.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.s390.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.s390.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "x86_64", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.x86_64.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}], "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-16T17:06:57", "title": "Security update for IBM Java5 JRE and SDK (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-16T17:06:57", "id": "SUSE-SU-2013:0440-5", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00032.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "references": ["http://download.novell.com/patch/finder/?keywords=5ea58c1fb829cad73b10e123453189b1", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}], "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-18T21:04:29", "title": "Security update for Java (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-18T21:04:29", "id": "SUSE-SU-2013:0440-6", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00033.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:21", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0247.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.17.amzn1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-0442 __](<https://access.redhat.com/security/cve/CVE-2013-0442>), [CVE-2013-0445 __](<https://access.redhat.com/security/cve/CVE-2013-0445>), [CVE-2013-0441 __](<https://access.redhat.com/security/cve/CVE-2013-0441>), [CVE-2013-1475 __](<https://access.redhat.com/security/cve/CVE-2013-1475>), [CVE-2013-1476 __](<https://access.redhat.com/security/cve/CVE-2013-1476>), [CVE-2013-0429 __](<https://access.redhat.com/security/cve/CVE-2013-0429>), [CVE-2013-0450 __](<https://access.redhat.com/security/cve/CVE-2013-0450>), [CVE-2013-0425 __](<https://access.redhat.com/security/cve/CVE-2013-0425>), [CVE-2013-0426 __](<https://access.redhat.com/security/cve/CVE-2013-0426>), [CVE-2013-0428 __](<https://access.redhat.com/security/cve/CVE-2013-0428>), [CVE-2013-0444 __](<https://access.redhat.com/security/cve/CVE-2013-0444>))\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. ([CVE-2013-1478 __](<https://access.redhat.com/security/cve/CVE-2013-1478>), [CVE-2013-1480 __](<https://access.redhat.com/security/cve/CVE-2013-1480>))\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. ([CVE-2013-0432 __](<https://access.redhat.com/security/cve/CVE-2013-0432>))\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. ([CVE-2013-0435 __](<https://access.redhat.com/security/cve/CVE-2013-0435>))\n\nMultiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-0431 __](<https://access.redhat.com/security/cve/CVE-2013-0431>), [CVE-2013-0427 __](<https://access.redhat.com/security/cve/CVE-2013-0427>), [CVE-2013-0433 __](<https://access.redhat.com/security/cve/CVE-2013-0433>), [CVE-2013-0434 __](<https://access.redhat.com/security/cve/CVE-2013-0434>))\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. ([CVE-2013-0424 __](<https://access.redhat.com/security/cve/CVE-2013-0424>))\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. ([CVE-2013-0440 __](<https://access.redhat.com/security/cve/CVE-2013-0440>))\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. ([CVE-2013-0443 __](<https://access.redhat.com/security/cve/CVE-2013-0443>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.17.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:31:00", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:21", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2014-09-15T22:31:00", "id": "ALAS-2013-156", "href": "https://alas.aws.amazon.com/ALAS-2013-156.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:15", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0245.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions.\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted.\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack.\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:30:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:15", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440"], "modified": "2014-09-15T22:30:00", "id": "ALAS-2013-155", "href": "https://alas.aws.amazon.com/ALAS-2013-155.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "https://bugzilla.redhat.com/show_bug.cgi?id=906900", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://www.securityfocus.com/bid/57689", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0445", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16680", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16680"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0445"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0445", "id": "CVE-2013-0445", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:40", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://www.securityfocus.com/bid/57694", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/127e4c348a71", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "https://bugzilla.redhat.com/show_bug.cgi?id=860652", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"IIOP type reuse management\" in ObjectStreamClass.java.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-1475", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16613", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16613"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-1475"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:36:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1475", "id": "CVE-2013-1475", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de", "http://www.securityfocus.com/bid/57709", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0425", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16058", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16058"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0425"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:39", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425", "id": "CVE-2013-0425", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "https://bugzilla.redhat.com/show_bug.cgi?id=907340", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://www.securityfocus.com/bid/57702", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0443", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:15832", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0443"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0443", "id": "CVE-2013-0443", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:40", "references": ["http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f", "http://marc.info/?l=bugtraq&m=136570436423916&w=2", "https://bugzilla.redhat.com/show_bug.cgi?id=906904", "http://www.securityfocus.com/bid/57691", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" in awt_parseImage.c, which triggers memory corruption.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-1480", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16045", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16045"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-1480"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:36:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480", "id": "CVE-2013-1480", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.securityfocus.com/bid/57712", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://bugzilla.redhat.com/show_bug.cgi?id=859140", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0440", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16558", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16558"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0440"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0440", "id": "CVE-2013-0440", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.securityfocus.com/bid/57729", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and \"Better handling of UI elements.\"", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0435", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16489", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16489"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0435"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:40", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0435", "id": "CVE-2013-0435", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219", "http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/e46d557465da", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://www.securityfocus.com/bid/57727", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient clipboard access premission checks.\"", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0432", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16567", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16567"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0432"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:40", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432", "id": "CVE-2013-0432", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/307ddc7799c7", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458", "http://www.securityfocus.com/bid/57692", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka \"missing serialization restriction.\"", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0441", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16566", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16566"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0441"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0441", "id": "CVE-2013-0441", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e173569e1e7", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://bugzilla.redhat.com/show_bug.cgi?id=906813", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "http://www.securityfocus.com/bid/57715"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0424", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16519", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16519"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0424"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:39", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0424", "id": "CVE-2013-0424", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:05", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3342", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0429", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0409", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0434", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0428", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0444", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0433", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0432", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0423", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0427", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0425", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0438", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0419", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1478", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0441", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0435", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0440", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1473", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1475", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3213", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0445", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0442", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0424", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0430", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0426", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1480", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0443", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1481", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0351", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1541", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0449", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0446"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438)\n\nSeveral data integrity vulnerabilities were discovered in the OpenJDK JRE. (CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435, CVE-2013-0443)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2013-0440)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-0444)\n\nA data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0448)\n\nAn information disclosure vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0449)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 12.10. (CVE-2013-1481)", "edition": 3, "reporter": "Ubuntu", "published": "2013-02-14T00:00:00", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2012-1541", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0448", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2012-3342", "CVE-2013-1473", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0351", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-0438", "CVE-2013-1476", "CVE-2013-0430", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-0450", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425", "CVE-2013-0441", "CVE-2013-0449", "CVE-2013-0423", "CVE-2013-0419"], "modified": "2013-02-14T00:00:00", "id": "USN-1724-1", "href": "https://usn.ubuntu.com/1724-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-09-05T16:45:12", "references": ["http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3342", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1474", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1543", "http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/System.html#setSecurityManager%28java.lang.SecurityManager%29", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1477", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0419", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0441", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0438", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0409", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0436", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0423", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1475", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0435", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0429", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0446", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0428", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0448", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1472", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1481", "http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#disable", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0449", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4301", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0450", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0445", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0433", "http://www.java.com/en/download/help/disable_browser.xml", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0443", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0351", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1483", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1479", "http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx", "http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1476", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1541", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1473", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425", "http://codeascraft.etsy.com/2013/03/18/java-not-even-once/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0427", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0442", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1489", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1478", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0424", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0430", "http://taosecurity.blogspot.com/2012/11/do-devs-care-about-java-insecurity.html?showComment=1353874245992#c4794680666510382012", "http://docs.oracle.com/javase/7/docs/api/java/lang/System.html#setSecurityManager%28java.lang.SecurityManager%29", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4305", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0434", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1482", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0447", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3213", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0431", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0440", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0439", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0444", "http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#install", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0437", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0426"], "description": "### Overview\n\nJava 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nThe Oracle Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems. \n\nThe Java JRE plug-in provides its own [Security Manager](<http://docs.oracle.com/javase/7/docs/api/java/lang/System.html#setSecurityManager%28java.lang.SecurityManager%29>). Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document [states](<http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/System.html#setSecurityManager%28java.lang.SecurityManager%29>), _\"If there is a security manager already installed, this method first calls the security manager's _`_checkPermission_`_ method with a _`_RuntimePermission(\"setSecurityManager\")_`_ permission to ensure it's safe to replace the existing security manager. This may result in throwing a _`_SecurityException\"_`_._ \n \nBy leveraging a number of vulnerabilities, an untrusted Java applet can escalate its privileges to allow full privileges, without requiring code signing. Other vulnerabilities can cause exploitable memory corruption, which could affect Java applets, as well as Java applications, depending on what the Java application does and how it may process untrusted data. Oracle Java 7 Update 11, Java 6 Update 38, and earlier Java versions are affected. \n \nAt least one of these vulnerabilities is reportedly being exploited in the wild. \n \n--- \n \n### Impact\n\nBy convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for these vulnerabilities. The vulnerabilities that affect server deployments of Java may be exploited by causing a Java server application to process untrusted data. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nThese issues are addressed in Java 7 Update 13 and Java 6 Update 39. Please see the [Oracle Java SE Critical Patch Update Advisory](<http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html>) \\- February 2013 for more details. \n \n--- \n \n**Disable Java in web browsers** \n \nStarting with Java 7 Update 10, it is possible to [disable Java content in web browsers](<http://www.java.com/en/download/help/disable_browser.xml>) through the Java control panel applet. Please see the [Java documentation](<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#disable>) for more details. \n \nSystem administrators wishing to deploy Java 7 Update 10 or later with the \"Enable Java content in the browser\" feature disabled can invoke the Java installer with the `WEB_JAVA=0` command-line option. More details are available in the [Java documentation](<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#install>). \n \nAlternatively, Microsoft has released a [Fix it](<http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx>) that disables Java in the Internet Explorer web browser. \n \n**Restrict access to Java applets** \n \nNetwork administrators unable to disable Java in web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets. This may be accomplished by using proxy server rules, for example. Blocking or whitelisting web requests to `.jar` and `.class` files can help to prevent Java from being used by untrusted sources. Filtering requests that contain a Java User-Agent header may also be effective. For example, this technique can be used in environments where Java is required on the local intranet. The proxy can be configured to allow Java requests locally, but block them when the destination is a site on the internet. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Inc.| | -| 05 Feb 2013 \nOracle Corporation| | -| 01 Feb 2013 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23858729 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C \nTemporal | 8.7 | E:H/RL:OF/RC:C \nEnvironmental | 8.7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html>\n * <http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html>\n * <http://taosecurity.blogspot.com/2012/11/do-devs-care-about-java-insecurity.html?showComment=1353874245992#c4794680666510382012>\n * <http://codeascraft.etsy.com/2013/03/18/java-not-even-once/>\n * <http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx>\n\n### Credit\n\nThese vulnerabilities were reported by Oracle.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2012-1541](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1541>) [CVE-2012-1543](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1543>) [CVE-2012-3213](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3213>) [CVE-2012-3342](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3342>) [CVE-2012-4301](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4301>) [CVE-2012-4305](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4305>) [CVE-2013-0351](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0351>) [CVE-2013-0409](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0409>) [CVE-2013-0419](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0419>) [CVE-2013-0423](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0423>) [CVE-2013-0424](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0424>) [CVE-2013-0425](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425>) [CVE-2013-0426](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0426>) [CVE-2013-0427](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0427>) [CVE-2013-0428](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0428>) [CVE-2013-0429](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0429>) [CVE-2013-0430](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0430>) [CVE-2013-0431](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0431>) [CVE-2013-0432](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432>) [CVE-2013-0433](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0433>) [CVE-2013-0434](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0434>) [CVE-2013-0435](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0435>) [CVE-2013-0436](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0436>) [CVE-2013-0437](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0437>) [CVE-2013-0438](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0438>) [CVE-2013-0439](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0439>) [CVE-2013-0440](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0440>) [CVE-2013-0441](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0441>) [CVE-2013-0442](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0442>) [CVE-2013-0443](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0443>) [CVE-2013-0444](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0444>) [CVE-2013-0445](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0445>) [CVE-2013-0446](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0446>) [CVE-2013-0447](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0447>) [CVE-2013-0448](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0448>) [CVE-2013-0449](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0449>) [CVE-2013-0450](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0450>) [CVE-2013-1472](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1472>) [CVE-2013-1473](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1473>) [CVE-2013-1474](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1474>) [CVE-2013-1475](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1475>) [CVE-2013-1476](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1476>) [CVE-2013-1477](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1477>) [CVE-2013-1478](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1478>) [CVE-2013-1479](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1479>) [CVE-2013-1480](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480>) [CVE-2013-1481](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1481>) [CVE-2013-1482](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1482>) [CVE-2013-1483](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1483>) [CVE-2013-1489](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1489>)\n * US-CERT Alert: [TA13-032A](<http://www.us-cert.gov/cas/techalerts/TA13-032A.html>)\n * Date Public: 01 Feb 2013\n * Date First Published: 01 Feb 2013\n * Date Last Updated: 14 Jun 2013\n * Document Revision: 34\n\n", "edition": 5, "reporter": "CERT", "published": "2013-02-01T00:00:00", "title": "Oracle Java contains multiple vulnerabilities", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2013-0426", "CVE-2013-0426", "CVE-2012-1541", "CVE-2012-1541", "CVE-2013-0427", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0428", "CVE-2013-0448", "CVE-2013-0448", "CVE-2013-1479", "CVE-2013-1479", "CVE-2013-0429", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0442", "CVE-2012-3342", "CVE-2012-3342", "CVE-2013-0431", "CVE-2013-0431", "CVE-2013-1472", "CVE-2013-1472", "CVE-2013-1473", "CVE-2013-1473", "CVE-2012-4301", "CVE-2012-4301", "CVE-2013-0434", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0443", "CVE-2013-0351", "CVE-2013-0351", "CVE-2013-0444", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1480", "CVE-2013-1483", "CVE-2013-1483", "CVE-2013-1474", "CVE-2013-1474", "CVE-2013-0409", "CVE-2013-0409", "CVE-2013-0438", "CVE-2013-0438", "CVE-2013-0439", "CVE-2013-0439", "CVE-2013-1477", "CVE-2013-1477", "CVE-2013-1476", "CVE-2013-1476", "CVE-2013-0447", "CVE-2013-0447", "CVE-2013-0430", "CVE-2013-0430", "CVE-2013-0445", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0432", "CVE-2012-4305", "CVE-2012-4305", "CVE-2013-0424", "CVE-2013-0424", "CVE-2012-3213", "CVE-2012-3213", "CVE-2013-0450", "CVE-2013-0450", "CVE-2013-0446", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1481", "CVE-2013-0436", "CVE-2013-0436", "CVE-2013-0437", "CVE-2013-0437", "CVE-2013-0425", "CVE-2013-0425", "CVE-2013-0441", "CVE-2013-0441", "CVE-2013-1482", "CVE-2013-1482", "CVE-2013-1489", "CVE-2013-1489", "CVE-2012-1543", "CVE-2012-1543", "CVE-2013-0449", "CVE-2013-0449", "CVE-2013-0423", "CVE-2013-0423", "CVE-2013-0419", "CVE-2013-0419"], "modified": "2013-06-14T00:00:00", "id": "VU:858729", "href": "https://www.kb.cert.org/vuls/id/858729", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:46:39", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 57703\r\nCVE(CAN) ID: CVE-2013-0450\r\n\r\nOracle Java Runtime Environment (JRE)\u662f\u4e00\u6b3e\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u8fd0\u884c\u73af\u5883\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nJava Runtime Environment\u7ec4\u4ef6\u7684JMX\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672a\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5f71\u54cd\u5176\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u3001\u53ef\u7528\u6027\u3002\r\n0\r\nOracle Sun JRE <= JavaFX 2.2.4\r\nOracle Sun JRE <= 7 Update 11\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOracle\r\n------\r\nOracle\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08javacpufeb2013verbose-1841196\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\njavacpufeb2013verbose-1841196\uff1aText Form of Oracle Java SE Critical Patch Update - February 2013 Risk Matrices\r\n\u94fe\u63a5\uff1ahttp://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html", "reporter": "Root", "published": "2013-02-06T00:00:00", "title": "Oracle Java SE JMX\u5b50\u7ec4\u4ef6\u8fdc\u7a0bJRE\u6f0f\u6d1e(CVE-2013-0450)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0450"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-02-06T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60629", "id": "SSV:60629", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "cve,details"}, {"lastseen": "2017-11-19T17:40:35", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 62179\r\nCVE(CAN) ID: CVE-2013-0531\r\n\r\nIBM Securityl AppScan Enterprise \u662f\u4e00\u4e2a\u57fa\u4e8eWeb \u7684\u591a\u7528\u6237Web \u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u89e3\u51b3\u65b9\u6848\uff0c\u63d0\u4f9b\u96c6\u4e2d\u7684\u5b89\u5168\u6027\u626b\u63cf\u3001\u6570\u636e\u5408\u5e76\u548c\u62a5\u544a\u3001\u8865\u6551\u529f\u80fd\u3001\u6267\u884c\u4eea\u8868\u677f\u7b49\u529f\u80fd\r\n\r\nIBM Security AppScan Enterprise (\u5373\u4e4b\u524d\u7684IBM Rational AppScan Enterprise) \u652f\u6301\u4f7f\u7528\u5f31\u52a0\u5bc6\u7b97\u6cd5\u7684SSL\u5957\u4ef6\uff0c\u653b\u51fb\u8005\u65e0\u9700\u672c\u5730\u7f51\u7edc\u8bbf\u95ee\u53ca\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5373\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u89e3\u5bc6\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u8baf\uff0c\u6216\u5728\u5ba2\u6237\u7aef\u4e0a\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u4ece\u800c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\r\n0\r\nIBM Rational AppScan Enterprise 5.6-8.7\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nIBM\r\n---\r\nIBM\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff081640352\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n1640352\uff1aMultiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0531, CVE-2013-0440, CVE-2013-2997)\r\n\u94fe\u63a5\uff1ahttp://www-01.ibm.com/support/docview.wss?uid=swg21640352", "reporter": "Root", "published": "2013-09-13T00:00:00", "title": "IBM Security AppScan Enterprise \u5f31\u5bc6\u7801\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e(CVE-2013-0531)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0440", "CVE-2013-0531", "CVE-2013-2997"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-09-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60997", "id": "SSV:60997", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "", "status": "cve,details"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:47", "references": [], "description": "\r\n\r\nHello All,\r\n\r\nBelow, we are providing you with technical details regarding\r\nsecurity issues reported by us to Oracle and addressed by the\r\ncompany in a recent Feb 2013 Java SE CPU [1].\r\n\r\n[Issue 29]\r\nThis issue allows for the creation of arbitrary Proxy objects\r\nfor interfaces defined in restricted packages. Proxy objects\r\ndefined in a NULL class loader namespaces are of a particular\r\ninterest here. Such objects can be used to manipulate instances\r\nof certain restricted classes.\r\n\r\nIn our Proof of Concept code we create such a proxy object for\r\nthe com.sun.xml.internal.bind.v2.model.nav.Navigator interface.\r\nIn order to use the aforementioned proxy object, we need an\r\ninstance of that interface too. We obtain it with the help of\r\nIssue 28, which allows to access arbitrary field objects from\r\nrestricted classes and interfaces. As a result, by combining\r\nIssue 27-29, one can use Navigator interface and make use of\r\nits sensitive Reflection API functionality such as obtaining\r\naccess to methods of arbitrary classes. That condition can be\r\nfurther leveraged to obtain a complete JVM security bypass.\r\n\r\nPlease, note that our Proof of Concept code for Issues 27-29\r\nwas reported to Oracle in Apr 2012 and depending Issues 27-28\r\nwere addressed by the company sooner than Issue 29. Testing\r\nof the PoC will thus give best results on older versions of\r\nJava SE 7.\r\n\r\n[Issue 50]\r\nIssue 50 allows to violate a fundamental security constraint\r\nof Java VM, which is type safety. This vulnerability is another\r\ninstance of the problem related to the unsafe deserialization\r\nimplemented by com.sun.corba.se.impl.io.ObjectStreamClass class.\r\nIts first instance was fixed by Oracle in Oct 2011 [2] and it\r\nstemmed from the fact that during deserialization insufficient\r\ntype checks were done with respect to object references that\r\nwere written to target object instance created by the means of\r\ndeserialization. Such a reference writing was accomplished with\r\nthe use of a native functionality of sun.corba.Bridge class.\r\n\r\nThe problem that we found back in Sep 2012 was very similar to\r\nthe first one. It was located in the same code (class) and was\r\nalso exploiting direct writing of object references to memory\r\nwith the use of putObject method. While the first type confusion\r\nissue allowed to write object references of incompatible types\r\nto correct field offsets, Issue 50 relied on the possibility to\r\nwrite object references of incompatible types to...invalid field\r\noffsets.\r\n\r\nIt might be also worth to mention that Issue 50 was found to\r\nbe present in Java SE Embedded [3]. That is Java version that\r\nis based on desktop Java SE and is used in today\u2019s most powerful\r\nembedded systems such as aircraft and medical systems [4]. We\r\nverified that Oracle Java SE Embedded ver. 7 Update 6 from 10\r\nAug 2012 for ARM / Linux contained vulnerable implementation\r\nof ObjectStreamClass class.\r\n\r\nUnfortunately, we don't know any details regarding the impact\r\nof Issue 50 in the embedded space (which embedded systems are\r\nvulnerable to it, whether any feasible attack vectors exist,\r\netc.). So, it's up to Oracle to clarify any potential concerns\r\nin that area.\r\n\r\n[Issue 52]\r\nIssue 52 relies on the possibility to call no-argument methods\r\non arbitrary objects or classes. The vulnerability has its origin\r\nin com.sun.jmx.mbeanserver.Introspector class which is located\r\nin the same package as the infamous MBeanInstantiator bug found\r\nin the wild in early Jan 2013. The flaw stems from insecure call\r\nto invoke method of java.lang.reflect.Method class:\r\n\r\n if (method != null)\r\n return method.invoke(obj, new Object[0]);\r\n\r\nIn our Proof of Concept code we exploit the above implementation\r\nby making a call to getDeclaredMethods method of java.lang.Class\r\nclass to gain access to methods of restricted classes. This is\r\naccomplished with the use of the following code sequence:\r\n\r\nIntrospector.elementFromComplex((Object)clazz,"declaredMethods")\r\n\r\nAccess to public method objects of arbitrary restricted classes\r\nis sufficient to achieve a complete Java VM security sandbox\r\ncompromise. We make use of DefiningClassLoader exploit vector\r\nfor that purpose.\r\n\r\n[Issue 53]\r\nIssue 53 stems from the fact that Oracle's implementation of new\r\nsecurity levels introduced by the company in Java SE 7 Update 10\r\ndid not take into account the fact that Applets can be instantiated\r\nwith the use of serialization. Such a possibility is indicated both\r\nin HTML 4 Specification [5] as well as in Oracle's code.\r\n\r\nHTML 4 Specification contains the following description for the\r\n"object" attribute of APPLET element:\r\n\r\nobject = cdata [CS]\r\n This attribute names a resource containing a serialized\r\n representation of an applet's state. It is interpreted\r\n relative to the applet's codebase. The serialized data\r\n contains the applet's class name but not the implementation.\r\n The class name is used to retrieve the implementation from\r\n a class file or archive.\r\n\r\nAdditionally, Java 7 Update 10 (and 11) reveal the following code\r\nlogic when it comes to the implementation of new security features\r\n(Java Control Panel security levels).\r\n\r\n[excerpt from sun.plugin2.applet.Plugin2Manager class]\r\n\r\n String object_attr = getSerializedObject();\r\n String code_attr = getCode();\r\n ...\r\n\r\n if(code_attr != null) {\r\n Class class1 = plugin2classloader.loadCode(code_attr);\r\n ...\r\n if(class1 != null)\r\n\r\n if (fireAppletSSVValidation())\r\n ...\r\n } else {\r\n if(!isSecureVM)\r\n return;\r\n\r\nadapter.instantiateSerialApplet(plugin2classloader,object_attr);\r\n ...\r\n }\r\n\r\nThe above clearly shows that the conditional block implementing\r\nApplet instantiation via deserialization does not contain a call\r\nto fireAppletSSVValidation method. This method conducts important\r\nsecurity checks corresponding to security levels configured by\r\nJava Control Panel. The lack of a call to security checking method\r\nis equivalent to "no protection at all" as it allows for a silent\r\nJava exploit in particular.\r\n\r\nWhat's worth mentioning is that for Google Chrome the following\r\nHTML sequence needed to be used to activate target Applet code:\r\n\r\n<object type="application/x-java-applet" object="BlackBox.ser">\r\n\r\n---\r\n\r\nWe have made our original reports sent to Oracle and describing\r\nIssues 29, 50, 52 and 53 available for download from our project\r\ndetails page:\r\n\r\nhttp://www.security-explorations.com/en/SE-2012-01-details.html\r\n\r\nAlong with those reports we have also published the results of\r\nour quick Vulnerability Fix Experiment regarding Issue 50. We've\r\nnever heard a word from Oracle regarding it. Company's fix for\r\nIssue 50 is not a mirror of the one we had proposed, but it does\r\nrely on Class object instances for hashtable access / caching of\r\ntranslated ObjectStreamClass fields.\r\n\r\nAt the end, we would like to question Oracle's evaluation of the\r\nimpact of Java vulnerabilities fixed by the Feb 2013 Java SE CPU.\r\nOracle emphasized that patched vulnerabilities affect primarily\r\nJava Plugin / desktop environments and that only 3 of them apply\r\nto client and server deployments of Java. The 3 vulnerabilities\r\nOracle refers to are specifically the following ones:\r\n\r\nCVE-2013-0437 Subcomponent 2D\r\nCVE-2013-1478 Subcomponent 2D\r\nCVE-2013-1480 Subcomponent AWT\r\n\r\nNone of the vulnerabilities above seem to refer to the components\r\nwhere our discoveries were made (i.e. CORBA, JMX / BEANS).\r\n\r\nThe tests we have conducted yesterday against the latest version\r\nof Oracle GlassFish Server 3.1.2.2 (with security manager enabled)\r\nand RMI Registry from JDK 7 Update 11 confirmed the possibility to\r\nlaunch an attack against remote RMI server with the use of a Java\r\nSE vulnerability. We tested Issues patched by the recent CPU such\r\nas the MBeanInstantiator bug, Issue 50 and 52 and were able to:\r\n1) remotely load custom classes into the target Java RMI server\r\n (over RMI protocol),\r\n2) completely break Java security sandbox with the use of a Java\r\n SE vulnerability (the one which "can be exploited only through\r\n untrusted Java Web Start applications / untrusted Java applets"\r\n according to Oracle's CPU).\r\n\r\nAlthough Oracle is aware [6] that Java SE vulnerabilities can be\r\nalso exploited "in servers, by supplying malicious input to APIs\r\nin the vulnerable server component", the company rather undermines\r\nsuch a possibility by delivering a message that a majority of the\r\nvulnerabilities affect Java Plugin in the web browser or that in\r\nsome cases, the exploitation scenario of Java SE bugs on servers\r\nis very improbable.\r\n\r\nIn general, relying on a vulnerable Java SE version makes all of\r\nthe products depending on it potentially vulnerable unless there\r\nis absolutely *no way* that a vulnerable component can be reached\r\nby an attacker. As long as an attack vector through RMI protocol\r\nis valid, a potential for remote exploitation of security issues\r\nin Java SE on servers should be always concerned.\r\n\r\nThank You.\r\n\r\nBest Regards,\r\nAdam Gowdiak\r\n\r\n---------------------------------------------\r\nSecurity Explorations\r\nhttp://www.security-explorations.com\r\n"We bring security research to the new level"\r\n---------------------------------------------\r\n\r\nReferences:\r\n[1] Oracle Java SE Critical Patch Update Advisory - February 2013\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html\r\n[2] Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability\r\n http://www.zerodayinitiative.com/advisories/ZDI-11-306/\r\n[3] Oracle Java SE Embedded\r\n\r\nhttp://www.oracle.com/us/technologies/java/embedded/standard-edition/overview/index.html\r\n[4] Oracle making embedded Java push\r\n\r\nhttp://www.infoworld.com/d/application-development/oracle-making-embedded-java-push-203168\r\n[5] HTML 4 Specification, Including an applet: the APPLET element\r\n http://www.w3.org/TR/html401/struct/objects.html#h-13.4\r\n[6] February 2013 Critical Patch Update for Java SE Released\r\n\r\nhttps://blogs.oracle.com/security/entry/february_2013_critical_patch_update\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2013-02-11T00:00:00", "title": "[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:47", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-1478", "CVE-2013-1480", "CVE-2013-0437"], "modified": "2013-02-11T00:00:00", "id": "SECURITYVULNS:DOC:29026", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29026", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:50", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29138", "https://vulners.com/securityvulns/securityvulns:doc:29161", "https://vulners.com/securityvulns/securityvulns:doc:29106", "https://vulners.com/securityvulns/securityvulns:doc:29026", "https://vulners.com/securityvulns/securityvulns:doc:29162", "https://vulners.com/securityvulns/securityvulns:doc:29190", "https://vulners.com/securityvulns/securityvulns:doc:29116"], "description": "~50 of different vulnerabilities are fixed with CPU.", "edition": 1, "reporter": "BUGTRAQ", "published": "2013-03-19T00:00:00", "title": "Oracle Java multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:50", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "JDK", "version": "6", "operator": "eq"}, {"name": "JRE", "version": "6", "operator": "eq"}, {"name": "JRE", "version": "7", "operator": "eq"}, {"name": "JDK", "version": "7", "operator": "eq"}], "cvelist": ["CVE-2013-0426", "CVE-2012-1541", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0448", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-0169", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2012-3342", "CVE-2013-0431", "CVE-2013-1472", "CVE-2013-1473", "CVE-2012-4301", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0351", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1483", "CVE-2013-1474", "CVE-2013-0409", "CVE-2013-0438", "CVE-2013-0439", "CVE-2013-1477", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0447", "CVE-2013-1487", "CVE-2013-0430", "CVE-2013-0445", "CVE-2013-0432", "CVE-2012-4305", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-0450", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0436", "CVE-2013-0437", "CVE-2013-0425", "CVE-2013-1484", "CVE-2013-0441", "CVE-2013-1482", "CVE-2013-1489", "CVE-2012-1543", "CVE-2013-0449", "CVE-2013-0423", "CVE-2013-0419"], "modified": "2013-03-19T00:00:00", "id": "SECURITYVULNS:VULN:12873", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12873", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdi": [{"lastseen": "2016-11-09T00:17:54", "references": ["http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"], "edition": 2, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the Java AWT Image Transform library functions. For certain image transformation functions, Java fails to take the 'numBands' into account during the allocation of heap memory and instead uses a static value of 0x4. The allocated memory is later written to inside a loop that uses the 'numBands' value which can result in a memory corruption. This can lead to remote code execution under the context of the current process.", "reporter": "Chris Ries", "published": "2013-02-11T00:00:00", "title": "Oracle Java AWT Image Transform Remote Code Execution Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "zdi", "bulletinFamily": "info", "cvelist": ["CVE-2013-1480"], "modified": "2013-11-09T00:00:00", "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-022", "id": "ZDI-13-022", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:00", "references": ["http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html", "https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jdk", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jdk", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jre", "operator": "eq"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "7.11", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-sun-jre", "operator": "lt"}], "description": "\nUS CERT reports:\n\nJava 7 Update 10 and earlier versions of Java 7 contain a\n\t vulnerability that can allow a remote, unauthenticated\n\t attacker to execute arbitrary code on a vulnerable\n\t system.\nThe Java JRE plug-in provides its own Security Manager.\n\t Typically, a web applet runs with a security manager\n\t provided by the browser or Java Web Start plugin. Oracle's\n\t document states, \"If there is a security manager already\n\t installed, this method first calls the security manager's\n\t checkPermission method with a\n\t RuntimePermission(\"setSecurityManager\") permission to ensure\n\t it's safe to replace the existing security manager. This may\n\t result in throwing a SecurityException\".\nBy leveraging the vulnerability in the Java Management\n\t Extensions (JMX) MBean components, unprivileged Java code\n\t can access restricted classes. By using that vulnerability\n\t in conjunction with a second vulnerability involving the\n\t Reflection API and the invokeWithArguments method of the\n\t MethodHandle class, an untrusted Java applet can escalate\n\t its privileges by calling the the setSecurityManager()\n\t function to allow full privileges, without requiring code\n\t signing. Oracle Java 7 update 10 and earlier Java 7 versions\n\t are affected. The invokeWithArguments method was introduced\n\t with Java 7, so therefore Java 6 is not affected.\nThis vulnerability is being attacked in the wild, and is\n\t reported to be incorporated into exploit kits. Exploit code\n\t for this vulnerability is also publicly available.\n\nEsteban Guillardoy from Immunity Inc. additionally clarifies\n\t on the recursive reflection exploitation technique:\n\nThe real issue is in the native\n\t sun.reflect.Reflection.getCallerClass method.\nWe can see the following information in the Reflection\n\t source code:\nReturns the class of the method realFramesToSkip frames\n\t up the stack (zero-based), ignoring frames associated with\n\t java.lang.reflect.Method.invoke() and its\n\t implementation.\nSo what is happening here is that they forgot to skip the\n\t frames related to the new Reflection API and only the old\n\t reflection API is taken into account.\n\nThis exploit does not only affect Java applets, but every\n\t piece of software that relies on the Java Security Manager for\n\t sandboxing executable code is affected: malicious code can\n\t totally disable Security Manager.\nFor users who are running native Web browsers with enabled\n\t Java plugin, the workaround is to remove the java/icedtea-web\n\t port and restart all browser instances.\nFor users who are running Linux Web browser flavors, the\n\t workaround is either to disable the Java plugin in browser\n\t or to upgrade linux-sun-* packages to the non-vulnerable\n\t version.\nIt is not recommended to run untrusted applets using\n\t appletviewer, since this may lead to the execution of the\n\t malicious code on vulnerable versions on JDK/JRE.\n", "edition": 3, "reporter": "FreeBSD", "published": "2013-01-10T00:00:00", "title": "java 7.x -- security manager bypass", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0433"], "modified": "2013-01-10T00:00:00", "id": "D5E0317E-5E45-11E2-A113-C48508086173", "href": "https://vuxml.freebsd.org/freebsd/d5e0317e-5e45-11e2-a113-c48508086173.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:20", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450", "https://bugs.gentoo.org/show_bug.cgi?id=330205", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548", "https://bugs.gentoo.org/show_bug.cgi?id=457206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868", "https://bugs.gentoo.org/show_bug.cgi?id=477210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778", "https://bugs.gentoo.org/show_bug.cgi?id=353418", "https://bugs.gentoo.org/show_bug.cgi?id=461714", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431", "https://bugs.gentoo.org/show_bug.cgi?id=312297", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555", "https://bugs.gentoo.org/show_bug.cgi?id=421031", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423", "https://bugs.gentoo.org/show_bug.cgi?id=387637", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864", "https://bugs.gentoo.org/show_bug.cgi?id=354231", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470", "https://bugs.gentoo.org/show_bug.cgi?id=404095", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802", "https://bugs.gentoo.org/show_bug.cgi?id=438750", "https://bugs.gentoo.org/show_bug.cgi?id=429522", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563", "https://bugs.gentoo.org/show_bug.cgi?id=442478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569", "https://bugs.gentoo.org/show_bug.cgi?id=370787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521", "https://bugs.gentoo.org/show_bug.cgi?id=489570", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089", "https://bugs.gentoo.org/show_bug.cgi?id=458410", "https://bugs.gentoo.org/show_bug.cgi?id=352035", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459", "https://bugs.gentoo.org/show_bug.cgi?id=466822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456", "https://bugs.gentoo.org/show_bug.cgi?id=355127", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552", "https://bugs.gentoo.org/show_bug.cgi?id=433389", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420", "https://bugs.gentoo.org/show_bug.cgi?id=346799", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417", "https://bugs.gentoo.org/show_bug.cgi?id=340819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537", "https://bugs.gentoo.org/show_bug.cgi?id=508270", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "6.1.13.3", "packageFilename": "UNKNOWN", "packageName": "dev-java/icedtea-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-06-29T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2016-04-19T00:00:00", "id": "GLSA-201406-32", "href": "https://security.gentoo.org/glsa/201406-32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:14", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775", "https://bugs.gentoo.org/show_bug.cgi?id=498148", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457", "https://bugs.gentoo.org/show_bug.cgi?id=473980", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035", "https://bugs.gentoo.org/show_bug.cgi?id=438706", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455", "https://bugs.gentoo.org/show_bug.cgi?id=404071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417", "https://bugs.gentoo.org/show_bug.cgi?id=458444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801", "https://bugs.gentoo.org/show_bug.cgi?id=488210", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776", "https://bugs.gentoo.org/show_bug.cgi?id=421073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415", "https://bugs.gentoo.org/show_bug.cgi?id=473830", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814", "https://bugs.gentoo.org/show_bug.cgi?id=455174", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461", "https://bugs.gentoo.org/show_bug.cgi?id=460360", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717", "https://bugs.gentoo.org/show_bug.cgi?id=466212", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812", "https://bugs.gentoo.org/show_bug.cgi?id=451206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810", "https://bugs.gentoo.org/show_bug.cgi?id=433094", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.45", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jdk", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.7.0.51", "packageFilename": "UNKNOWN", "packageName": "dev-java/oracle-jre-bin", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.7.0.51", "packageFilename": "UNKNOWN", "packageName": "app-emulation/emul-linux-x86-java", "arch": "all", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.6.0.45", "packageFilename": "UNKNOWN", "packageName": "dev-java/sun-jre-bin", "arch": "all", "operator": "le"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.7.0.51", "packageFilename": "UNKNOWN", "packageName": "dev-java/oracle-jdk-bin", "arch": "all", "operator": "lt"}], "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-01-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-2431", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-5889", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-5848", "CVE-2012-1711", "CVE-2013-1491", "CVE-2013-1571", "CVE-2013-5782", "CVE-2013-5846", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-0402", "CVE-2013-5818", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2416", "CVE-2013-2427", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1725", "CVE-2014-0385", "CVE-2013-2424", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-5778", "CVE-2013-2456", "CVE-2013-0448", "CVE-2014-0410", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-2462", "CVE-2013-0169", "CVE-2014-0415", "CVE-2013-2414", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2013-5870", "CVE-2013-2421", "CVE-2012-3159", "CVE-2013-1518", "CVE-2013-5776", "CVE-2012-5087", "CVE-2013-5788", "CVE-2013-5905", "CVE-2013-0809", "CVE-2013-5904", "CVE-2013-5888", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-5893", "CVE-2013-5842", "CVE-2014-0387", "CVE-2012-5085", "CVE-2012-5076", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-4416", "CVE-2013-5898", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-5832", "CVE-2012-3136", "CVE-2013-1488", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2014-0375", "CVE-2012-5081", "CVE-2012-5067", "CVE-2013-5817", "CVE-2012-0503", "CVE-2012-3174", "CVE-2011-5035", "CVE-2013-2419", "CVE-2012-1723", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-5787", "CVE-2013-5852", "CVE-2012-1726", "CVE-2014-0418", "CVE-2013-0351", "CVE-2013-2465", "CVE-2014-0373", "CVE-2013-1537", "CVE-2013-3743", "CVE-2013-5854", "CVE-2012-0498", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5887", "CVE-2012-0506", "CVE-2014-0408", "CVE-2013-5825", "CVE-2012-1717", "CVE-2012-1721", "CVE-2014-0376", "CVE-2013-2423", "CVE-2014-0422", "CVE-2013-5789", "CVE-2014-0411", "CVE-2013-2439", "CVE-2013-1561", "CVE-2013-5823", "CVE-2013-0409", "CVE-2013-5895", "CVE-2013-0438", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2013-2428", "CVE-2012-5083", "CVE-2013-5843", "CVE-2012-5088", "CVE-2013-5899", "CVE-2013-2429", "CVE-2013-5812", "CVE-2013-5849", "CVE-2012-5086", "CVE-2013-5896", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2012-5077", "CVE-2013-1486", "CVE-2014-0417", "CVE-2013-5780", "CVE-2013-5910", "CVE-2013-1487", "CVE-2013-5906", "CVE-2013-0430", "CVE-2013-0445", "CVE-2012-5069", "CVE-2014-0428", "CVE-2012-3216", "CVE-2014-0382", "CVE-2012-0505", "CVE-2013-5824", "CVE-2012-5084", "CVE-2013-5831", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2434", "CVE-2013-2464", "CVE-2013-2458", "CVE-2012-3213", "CVE-2013-2459", "CVE-2012-5071", "CVE-2013-5814", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-2432", "CVE-2012-1722", "CVE-2014-0368", "CVE-2013-2443", "CVE-2014-0423", "CVE-2013-1481", "CVE-2013-5775", "CVE-2013-2446", "CVE-2012-0547", "CVE-2013-5829", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-2438", "CVE-2013-1540", "CVE-2012-0500", "CVE-2013-2467", "CVE-2013-5907", "CVE-2013-1493", "CVE-2013-5902", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-3744", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-5844", "CVE-2013-0437", "CVE-2012-4681", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2012-0504", "CVE-2013-2426", "CVE-2014-0424", "CVE-2013-2455", "CVE-2013-5819", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-1484", "CVE-2013-1564", "CVE-2013-1558", "CVE-2013-5774", "CVE-2012-1724", "CVE-2013-0422", "CVE-2012-5068", "CVE-2014-0403", "CVE-2013-3829", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-0502", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-2425", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-1569", "CVE-2013-5838", "CVE-2013-2412", "CVE-2013-0449", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2013-5801", "CVE-2014-0416", "CVE-2013-2449", "CVE-2013-2466", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-0423", "CVE-2013-5772", "CVE-2013-0419"], "modified": "2014-01-27T00:00:00", "id": "GLSA-201401-30", "href": "https://security.gentoo.org/glsa/201401-30", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
