Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.25-2.3.10.3.AXS4 (AXSA:2013-486:05)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

MiracleLinux 4 OpenJDK vulnerable per AXSA:2013-486:05 (CVE-2013-1500, 1571, 2407, 2412, 2443, 2444).

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM Sterling Certificate Wizard Shared Memory Permission Vulnerability (CVE-2013-1500)
25 Sep 202223:09
ibm
IBM Security Bulletins		Security Bulletin: IBM Tivoli Security Policy Manager (TSPM) Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
25 Sep 202221:06
ibm
IBM Security Bulletins		Security Bulletin: IBM Cognos Business Intelligence (CVE-2013-3030, CVE-2013-4002, CVE-2013-2407, CVE-2013-2450, CVE-2013-4034, CVE-2013-5372)
15 Jun 201823:04
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
25 Sep 202221:06
ibm
IBM Security Bulletins		Security Bulletin: Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
26 Sep 202203:29
ibm
IBM Security Bulletins		Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
25 Sep 202221:06
ibm
IBM Security Bulletins		Security Bulletin: IBM Sterling Order Management - Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
26 Sep 202203:31
ibm
IBM Security Bulletins		Security Bulletin: Information regarding security vulnerability in IBM SDK for Java, which shipped with IBM WebSphere Application Server and is addressed by Oracle CPU June 2013
25 Sep 202221:06
ibm
IBM Security Bulletins		Security Bulletin: Javadoc vulnerability exists in the IMS Connect API for Java component of IMS Enterprise Suite (CVE-2013-1571)
25 Sep 202223:13
ibm
IBM Security Bulletins		Security Bulletin: IBM Records Manager Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
25 Sep 202221:06
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-486:05.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289371);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2013-1500",
    "CVE-2013-1571",
    "CVE-2013-2407",
    "CVE-2013-2412",
    "CVE-2013-2443",
    "CVE-2013-2444",
    "CVE-2013-2445",
    "CVE-2013-2446",
    "CVE-2013-2447",
    "CVE-2013-2448",
    "CVE-2013-2449",
    "CVE-2013-2450",
    "CVE-2013-2452",
    "CVE-2013-2453",
    "CVE-2013-2454",
    "CVE-2013-2455",
    "CVE-2013-2456",
    "CVE-2013-2457",
    "CVE-2013-2458",
    "CVE-2013-2459"
  );

  script_name(english:"MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.25-2.3.10.3.AXS4 (AXSA:2013-486:05)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2013-486:05 advisory.

    The OpenJDK runtime environment.
    Security issues fixed with this release:
     CVE-2013-1500
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect
    confidentiality and integrity via unknown vectors related to 2D.
     CVE-2013-1571
    Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45
    and earlier, 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier allows remote attackers to affect
    integrity via unknown vectors related to Javadoc.
     CVE-2013-2407
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability
    via unknown vectors related to Libraries.
     CVE-2013-2412
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown
    vectors related to Serviceability.
     CVE-2013-2443
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability
    via unknown vectors related to Libraries.
     CVE-2013-2444
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier allows
    remote attackers to affect availability via vectors related to AWT.
     CVE-2013-2445
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability
    via unknown vectors related to Libraries.
     CVE-2013-2446
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality via vectors related to CORBA.
     CVE-2013-2447
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality via unknown vectors related to Networking.
     CVE-2013-2448
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to Sound.
     CVE-2013-2449
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
     CVE-2013-2450
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    availability via unknown vectors related to Serialization.
     CVE-2013-2452
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and
    CVE-2013-2455.
     CVE-2013-2453
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to
    JMX.
     CVE-2013-2454
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality and integrity via vectors related to JDBC.
     CVE-2013-2455
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and
    CVE-2013-2452.
     CVE-2013-2456
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality via unknown vectors related to Serialization.
     CVE-2013-2457
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    integrity via vectors related to JMX.
     CVE-2013-2458
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to
    Libraries.
     CVE-2013-2459
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to AWT.
     CVE-2013-2460
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown
    vectors related to Serviceability.
     CVE-2013-2461
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and
    availability via unknown vectors related to Libraries.
     CVE-2013-2463
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and
    CVE-2013-2473.
     CVE-2013-2465
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2463, CVE-2013-2464, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and
    CVE-2013-2473.
     CVE-2013-2469
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and
    CVE-2013-2473.
     CVE-2013-2470
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2471, CVE-2013-2472, and
    CVE-2013-2473.
     CVE-2013-2471
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2472, and
    CVE-2013-2473.
     CVE-2013-2472
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and
    CVE-2013-2473.
     CVE-2013-2473
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
    and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability
    than CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, and
    CVE-2013-2472.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4159");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.7.0-openjdk and / or java-1.7.0-openjdk-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2459");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2013-1571");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.7.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.7.0-openjdk-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'java-1.7.0-openjdk-1.7.0.25-2.3.10.3.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-1.7.0.25-2.3.10.3.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.7.0-openjdk / java-1.7.0-openjdk-devel');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Jan 2026 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 210
CVSS 3.19.8
EPSS0.9322
SSVC
openjdk vulnerabilityaxsa advisorycve identifiers 1500miraclelinux fourjava runtime issue
4