Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.9-2.3.7.1.AXS4 (AXSA:2013-98:02)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 6 Views

MiracleLinux 4 OpenJDK runtime has CVEs 2013-0424 to 2013-0428 vulnerabilities fixed by AXSA:2013-98:02.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD		OpenSSL -- TLS 1.1, 1.2 denial of service
5 Feb 201300:00
freebsd
IBM Security Bulletins		Security Bulletin: IBM QRadar SIEM and QRadar Risk Manager can be affected by three vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
25 Sep 202223:13
ibm
IBM Security Bulletins		Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c
25 Sep 202221:06
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in InfoSphere Optim Performance Manager due to vulnerabilities in IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443)
25 Sep 202223:13
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in IBM Rational ClearCase (GSKit component) with potential for TLS Attack (CVE-2013-0169)
10 Jul 201808:34
ibm
IBM Security Bulletins		Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU
26 Sep 202205:45
ibm
IBM Security Bulletins		Security Bulletin: IBM Systems Director is affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2013-0169 and CVE-2014-3470)
31 Jan 201901:25
ibm
IBM Security Bulletins		Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
17 Jun 201804:48
ibm
IBM Security Bulletins		Security Bulletin: IBM QuickFile is affected by vulnerabilities that exist in the IBM Java SDK.
25 Sep 202223:13
ibm
IBM Security Bulletins		Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL
24 Jul 202022:49
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2013-98:02.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(290025);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/17");

  script_cve_id(
    "CVE-2013-0424",
    "CVE-2013-0425",
    "CVE-2013-0426",
    "CVE-2013-0427",
    "CVE-2013-0428",
    "CVE-2013-0429",
    "CVE-2013-0431",
    "CVE-2013-0432",
    "CVE-2013-0433",
    "CVE-2013-0434",
    "CVE-2013-0435",
    "CVE-2013-0440",
    "CVE-2013-0441",
    "CVE-2013-0442",
    "CVE-2013-0443",
    "CVE-2013-0444",
    "CVE-2013-0445",
    "CVE-2013-0450",
    "CVE-2013-1475",
    "CVE-2013-1476"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/15");

  script_name(english:"MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.9-2.3.7.1.AXS4 (AXSA:2013-98:02)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the
AXSA:2013-98:02 advisory.

    The OpenJDK runtime environment.
    Security issues fixed with this release:
     CVE-2013-0424
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect integrity via vectors related to RMI.
     CVE-2013-0425
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different
    vulnerability than CVE-2013-0428 and CVE-2013-0426.
     CVE-2013-0426
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different
    vulnerability than CVE-2013-0425 and CVE-2013-0428.
     CVE-2013-0427
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect integrity via
    unknown vectors related to Libraries.
     CVE-2013-0428
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different
    vulnerability than CVE-2013-0425 and CVE-2013-0426.
     CVE-2013-0429
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to CORBA.
     CVE-2013-0431
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11 allows user-assisted remote attackers to bypass the Java security sandbox via unspecified
    vectors related to JMX, aka Issue 52, a different vulnerability than CVE-2013-1490.
     CVE-2013-0432
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality and integrity via vectors related to AWT.
     CVE-2013-0433
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect integrity via
    unknown vectors related to Networking.
     CVE-2013-0434
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality via vectors related to JAXP.
     CVE-2013-0435
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via vectors related to
    JAX-WS.
     CVE-2013-0440
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect availability via vectors related to JSSE.
     CVE-2013-0441
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via vectors related to CORBA, a different
    vulnerability than CVE-2013-1476 and CVE-2013-1475.
     CVE-2013-0442
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via vectors related to AWT.
     CVE-2013-0443
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality and integrity via vectors related to JSSE.
     CVE-2013-0444
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown
    vectors related to Beans.
     CVE-2013-0445
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to AWT.
     CVE-2013-0450
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to JMX.
     CVE-2013-1475
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via vectors related to CORBA.
     CVE-2013-1476
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via vectors related to CORBA, a different
    vulnerability than CVE-2013-0441 and CVE-2013-1475.
     CVE-2013-1478
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via unknown vectors related to 2D.
     CVE-2013-1480
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through
    Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to
    affect confidentiality, integrity, and availability via vectors related to AWT.
     CVE-2013-0169
    The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and
    other products, do not properly consider timing side-channel attacks on a MAC check requirement during the
    processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and
    plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky
    Thirteen issue.
     CVE-2013-1484
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13
    and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown
    vectors related to Libraries.
     CVE-2013-1485
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13
    and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
     CVE-2013-1486
    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13
    and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect
    confidentiality, integrity, and availability via vectors related to JMX.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/3726");
  script_set_attribute(attribute:"solution", value:
"Update the affected java-1.7.0-openjdk package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1476");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2013-0431");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java Applet JMX Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:java-1.7.0-openjdk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'java-1.7.0-openjdk-1.7.0.9-2.3.7.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'java-1.7.0-openjdk-1.7.0.9-2.3.7.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.7.0-openjdk');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jan 2026 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 210
CVSS 3.15.3
EPSS0.91543
SSVC
openjdk runtimecve 2013 0424cve 2013 0425cve 2013 0426cve 2013 0427cve 2013 0428axsa advisorymiraclelinux 4
6