{"id": "REDHAT-RHSA-2013-0624.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "description": "Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.", "published": "2013-03-12T00:00:00", "modified": "2018-12-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "reporter": "Tenable", "references": ["https://access.redhat.com/security/cve/cve-2013-0809", "https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/errata/RHSA-2013:0624", "https://access.redhat.com/security/cve/cve-2013-0425", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1486", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1493", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-1481", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0409", "https://developer.ibm.com/javasdk/support/security-vulnerabilities/", "https://access.redhat.com/security/cve/cve-2013-0443", "https://access.redhat.com/security/cve/cve-2012-5085"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "type": "nessus", "lastseen": "2019-01-16T20:15:51", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "1199e5a33e0d8de6c8870f704e905492277288c6b955e33c180d7e7258e3ea6a", "hashmap": [{"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}, {"hash": "cbd9870bd4726b251894acde1411550b", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2018-08-30T19:56:52", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:56:52"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c7c60710fd1da25ab6b89239395ba2168d274587a54a9d529ca44c1bd9a2ceb7", "hashmap": [{"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}, {"hash": "cbd9870bd4726b251894acde1411550b", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2018-09-02T00:08:19", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-09-02T00:08:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 9, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "8ff2c97fc417eeefdfa623fc60f35c75710d6e922403913624eeb84f96cd5cb1", "hashmap": [{"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "88586edda34b2cd1251c668ed5067edb", "key": "modified"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c1dedc5c05ae30f66eedd21ec611028d", "key": "references"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "6cb4e6a1f47e512329c4c3bf4526f6bf", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2018-12-21T06:18:18", "modified": "2018-12-20T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2013-0809", "https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/errata/RHSA-2013:0624", "https://access.redhat.com/security/cve/cve-2013-0425", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1486", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1493", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-1481", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0409", "https://developer.ibm.com/javasdk/support/security-vulnerabilities/", "https://access.redhat.com/security/cve/cve-2013-0443", "https://access.redhat.com/security/cve/cve-2012-5085"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0809\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 9, "lastseen": "2018-12-21T06:18:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "3dfb518785dde758155402abc37808e5305edfd71e2ae14f2ae07b4bbd1bc5c4", "hashmap": [{"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "ba9badc8d3bde2aba2b6f0f12c5999d7", "key": "sourceData"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2017-10-29T13:45:07", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"$Revision: 1.26 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:45:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4df990786c1fd089773ae63a6e9b037a54cb509de4d0d5c459e02d201cca78da", "hashmap": [{"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "3f18cf15ed86b8bc3dad73510c53d3a4", "key": "sourceData"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "73337fa94fe29f7758462b6613a0ae8a", "key": "references"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2018-11-13T17:10:19", "modified": "2018-11-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://access.redhat.com/security/cve/cve-2013-0809", "https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/errata/RHSA-2013:0624", "https://access.redhat.com/security/cve/cve-2013-0425", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1486", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1493", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-1481", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0409", "https://access.redhat.com/security/cve/cve-2013-0443", "https://access.redhat.com/security/cve/cve-2012-5085"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0809\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["references", "modified", "sourceData"], "edition": 8, "lastseen": "2018-11-13T17:10:19"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 2, "enchantments": {}, "hash": "52916251740815140f0a3e5604ecab10250abf5091643be2944e489efa1dae59", "hashmap": [{"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "ba9badc8d3bde2aba2b6f0f12c5999d7", "key": "sourceData"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2017-01-06T02:17:07", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"$Revision: 1.26 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:17:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c7c60710fd1da25ab6b89239395ba2168d274587a54a9d529ca44c1bd9a2ceb7", "hashmap": [{"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}, {"hash": "cbd9870bd4726b251894acde1411550b", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2018-07-30T14:23:53", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.27\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-30T14:23:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 7, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "5fc2adbc549c3dc1e9eddb2edd467f0851e975faba2e5f3cb4d7dfcc074f1f0d", "hashmap": [{"hash": "7f86b488cde79959076c92cafc9748f6", "key": "modified"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "545caa81a6885ff35d6b980640bdfe8c", "key": "sourceData"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2018-09-12T10:13:37", "modified": "2018-09-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.28\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 3}, "differentElements": ["references", "modified", "sourceData"], "edition": 7, "lastseen": "2018-09-12T10:13:37"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "edition": 1, "hash": "1bb8c8af90a9e75e94ca70aa36240199d78e05d89b5083c7ea5e104897e03a57", "hashmap": [{"hash": "d4d064cfe0e4042b38911306aeefc42e", "key": "modified"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "87946fa4e3b0ffd2a5b965605169bfaa", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2016-09-26T17:26:32", "modified": "2016-05-13T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "65202", "published": "2013-03-12T00:00:00", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"$Revision: 1.25 $\");\n script_cvs_date(\"$Date: 2016/05/13 15:25:21 $\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n}\n", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:32"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3"}, {"key": "cvelist", "hash": "d0a2f6ca281377808ca9d03f92d80860"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "3297b73152b5e3a22ad8ef331d20803e"}, {"key": "href", "hash": "922395c95dde7655f146baeaf307ddb9"}, {"key": "modified", "hash": "88586edda34b2cd1251c668ed5067edb"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "964e8d3cf0b83db12176742a7c515e2d"}, {"key": "published", "hash": "32b73c3f5bbe2b383186efb6bf4d6f74"}, {"key": "references", "hash": "c1dedc5c05ae30f66eedd21ec611028d"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "6cb4e6a1f47e512329c4c3bf4526f6bf"}, {"key": "title", "hash": "74b2fc7ddde9207559e904b9278d3f5d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d073456ac6a717cfe9d29ff1ac6722dc3386aa10ba2899a7998e9a92f99780d6", "viewCount": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"1.30\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-5085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0809\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "65202", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"]}

{"suse": [{"lastseen": "2016-09-04T11:29:41", "references": ["http://download.novell.com/patch/finder/?keywords=fc8b17df6be0cc8370eff53d8c702e02", "http://download.novell.com/patch/finder/?keywords=7014ea77ffe5c5f4f2e593888baa766b", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware LTSS", "OSVersion": "11.1", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}], "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-14T23:04:46", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-14T23:04:46", "id": "SUSE-SU-2013:0440-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:29", "references": ["http://download.novell.com/patch/finder/?keywords=ec9d22c393a1ca0adfb36328a12130ef", "http://download.novell.com/patch/finder/?keywords=93cb6121fadaf694135bd63c1f9156b6", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-jdbc", "packageFilename": "java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-plugin", "packageFilename": "java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.4.2_sr13.15-0.6.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm-devel", "packageFilename": "java-1_4_2-ibm-devel-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.4.2_sr13.15-0.3.1", "packageName": "java-1_4_2-ibm", "packageFilename": "java-1_4_2-ibm-1.4.2_sr13.15-0.3.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-13T18:04:30", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-13T18:04:30", "id": "SUSE-SU-2013:0440-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00016.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:51:43", "references": ["https://bugzilla.novell.com/603353", "https://bugzilla.novell.com/438695", "http://download.novell.com/patch/finder/?keywords=514bd0c17c6dce42bd680235a566a928", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-JRE", "packageFilename": "IBMJava2-JRE-1.4.2_sr13.15-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.4.2_sr13.15-0.4", "packageName": "IBMJava2-SDK", "packageFilename": "IBMJava2-SDK-1.4.2_sr13.15-0.4.s390.rpm", "arch": "s390", "operator": "lt"}], "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-18T22:04:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for IBM Java2 JRE and SDK (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-18T22:04:28", "id": "SUSE-SU-2013:0478-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:49", "references": ["http://download.novell.com/patch/finder/?keywords=5ea58c1fb829cad73b10e123453189b1", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.0-0.6.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}], "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-18T21:04:29", "title": "Security update for Java (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-18T21:04:29", "id": "SUSE-SU-2013:0440-6", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00033.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:34", "references": ["http://download.novell.com/patch/finder/?keywords=f3e49a4d1f2884a3b859fbf98da12261", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-demo-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-demo", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-src-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-src", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-src-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-src", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-64bit-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-64bit", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-demo-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1.ppc.rpm", "packageName": "java-1_5_0-ibm-jdbc", "arch": "ppc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.0-0.6.1", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "arch": "i586", "operator": "lt"}], "edition": 1, "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "reporter": "Suse", "published": "2013-03-15T20:04:28", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "title": "Security update for Java (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-15T20:04:28", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00030.html", "id": "SUSE-SU-2013:0440-4", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:28:41", "references": ["http://download.novell.com/patch/finder/?keywords=40a91b33dc9e5067426d661e5a9a76db", "https://bugzilla.novell.com/798535"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "x86_64", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.x86_64.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390x", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.s390x.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "i586", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.i586.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "i586", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.i586.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390x", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.s390x.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.s390.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "s390", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.0-0.4.s390.rpm", "packageName": "IBMJava5-JRE", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.0-0.4", "arch": "x86_64", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.0-0.4.x86_64.rpm", "packageName": "IBMJava5-SDK", "operator": "lt"}], "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-16T17:06:57", "title": "Security update for IBM Java5 JRE and SDK (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2013-03-16T17:06:57", "id": "SUSE-SU-2013:0440-5", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00032.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:24", "references": ["https://bugzilla.novell.com/803379"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-javadoc-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-javadoc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-debugsource-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-src-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-src", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-javadoc-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-javadoc", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-debuginfo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-src-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-src", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-debuginfo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-debugsource-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.26.1.i586.rpm", "packageName": "java-1_7_0-openjdk-demo-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.2", "packageVersion": "1.7.0.6-3.26.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-3.26.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo-debuginfo", "operator": "lt"}], "description": "java-1_7_0-openjdk was updated to icedtea-2.3.6\n (bnc#803379) containing various security and bugfixes:\n\n * Security fixes\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200493, CVE-2013-0444: Improve cache handling\n - S7200499: Better data validation for options\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000539, CVE-2013-0431: Introspect JMX data handling\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n - S8001242: Improve RMI HTTP conformance\n - S8001307: Modify ACC_SUPER behavior\n - S8001972, CVE-2013-1478: Improve image processing\n - S8002325, CVE-2013-1480: Improve management of images\n * Backports\n - S7057320:\n test/java/util/concurrent/Executors/AutoShutdown.java\n failing intermittently\n - S7083664: TEST_BUG: test hard code of using c:/temp but\n this dir might not exist\n - S7107613: scalability blocker in\n javax.crypto.CryptoPermissions\n - S7107616: scalability blocker in\n javax.crypto.JceSecurityManager\n - S7146424: Wildcard expansion for single entry classpath\n - S7160609: [macosx] JDK crash in libjvm.dylib ( C\n [GeForceGLDriver+0x675a] gldAttachDrawable+0x941)\n - S7160951: [macosx] ActionListener called twice for\n JMenuItem using ScreenMenuBar\n - S7162488: VM not printing unknown -XX options\n - S7169395: Exception throws due to the changes in JDK 7\n object tranversal and break backward compatibility\n - S7175616: Port fix for TimeZone from JDK 8 to JDK 7\n - S7176485: (bf) Allow temporary buffer cache to grow to\n IOV_MAX\n - S7179908: Fork hs23.3 hsx from hs22.2 for jdk7u7 and\n reinitialize build number\n - S7184326: TEST_BUG:\n java/awt/Frame/7024749/bug7024749.java has a typo\n - S7185245: Licensee source bundle tries to compile JFR\n - S7185471: Avoid key expansion when AES cipher is\n re-init w/ the same key\n - S7186371: [macosx] Main menu shortcuts not displayed\n (7u6 regression)\n - S7187834: [macosx] Usage of private API in macosx 2d\n implementation causes Apple Store rejection\n - S7188114: (launcher) need an alternate command line\n parser for Windows\n - S7189136: Fork hs23.5 hsx from hs23.4 for jdk7u9 and\n reinitialize build number\n - S7189350: Fix failed for CR 7162144\n - S7190550: REGRESSION: Some closed/com/oracle/jfr/api\n tests fail to compile becuse of fix 7185245\n - S7193219: JComboBox serialization fails in JDK 1.7\n - S7193977: REGRESSION:Java 7's JavaBeans persistence\n ignoring the &quot;transient&quot; flag on properties\n - S7195106: REGRESSION : There is no way to get Icon inf,\n once Softreference is released\n - S7195301: XML Signature DOM implementation should not\n use instanceof to determine type of Node\n - S7195931: UnsatisfiedLinkError on\n PKCS11.C_GetOperationState while using NSS from jre7u6+\n - S7197071: Makefiles for various security providers\n aren't including the default manifest.\n - S7197652: Impossible to run any signed JNLP\n applications or applets, OCSP off by default\n - S7198146: Another new regression test does not compile\n on windows-amd64\n - S7198570: (tz) Support tzdata2012f\n - S7198640: new hotspot build - hs23.6-b04\n - S7199488: [TEST] runtime/7158800/InternTest.java failed\n due to false-positive on PID match.\n - S7199645: Increment build # of hs23.5 to b02\n - S7199669: Update tags in .hgtags file for CPU release\n rename\n - S7200720: crash in net.dll during NTLM authentication\n - S7200742: (se) Selector.select does not block when\n starting Coherence (sol11u1)\n - S7200762: [macosx] Stuck in\n sun.java2d.opengl.CGLGraphicsConfig.getMaxTextureSize(Native\n Method)\n - S8000285: Deadlock between PostEventQueue.noEvents,\n EventQueue.isDispatchThread and\n SwingUtilities.invokeLater\n - S8000286: [macosx] Views keep scrolling back to the\n drag position after DnD\n - S8000297: REGRESSION:\n closed/java/awt/EventQueue/PostEventOrderingTest.java\n fails\n - S8000307: Jre7cert: focusgained does not get called for\n all focus req when do alt + tab\n - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and\n reinitialize build number\n - S8001124: jdk7u ProblemList.txt updates (10/2012)\n - S8001242: Improve RMI HTTP conformance\n - S8001808: Create a test for 8000327\n - S8001876: Create regtest for 8000283\n - S8002068: Build broken: corba code changes unable to\n use new JDK 7 classes\n - S8002091: tools/launcher/ToolsOpts.java test started to\n fail since 7u11 b01 on Windows\n - S8002114: fix failed for JDK-7160951: [macosx]\n ActionListener called twice for JMenuItem using\n ScreenMenuBar\n - S8002225: (tz) Support tzdata2012i\n - S8003402: (dc)\n test/java/nio/channels/DatagramChannel/SendToUnresovled.java\n failing after 7u11 cleanup issues\n - S8003403: Test ShortRSAKeyWithinTLS and\n ClientJSSEServerJSSE failing after 7u11 cleanup\n - S8003948: NTLM/Negotiate authentication problem\n - S8004175: Restricted packages added in java.security\n are missing in java.security-{macosx, solaris, windows}\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n - S8004341: Two JCK tests fails with 7u11 b06\n - S8005615: Java Logger fails to load tomcat logger\n implementation (JULI)\n * Bug fixes\n - Fix build using Zero's HotSpot so all patches apply\n again.\n - PR1295: jamvm parallel unpack failure\n * removed\n icedtea-2.3.2-fix-extract-jamvm-dependency.patch\n - removed\n icedtea-2.3.3-refresh-6924259-string_offset.patch\n\n - few missing /openjdk/%{origin}/ changes\n\n", "edition": 1, "reporter": "Suse", "published": "2013-03-01T17:05:38", "title": "java-1_7_0-openjdk: update to 2.3.6 (critical)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-03-01T17:05:38", "id": "OPENSUSE-SU-2013:0377-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:06", "references": ["https://bugzilla.novell.com/494536", "https://bugzilla.novell.com/792951", "http://download.novell.com/patch/finder/?keywords=3d24d3eb8bd24ecde9576c270902855e", "https://bugzilla.novell.com/801972"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-0.2.1.i586.rpm", "packageName": "java-1_6_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1.i586.rpm", "packageName": "java-1_6_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "x86_64", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1.x86_64.rpm", "packageName": "java-1_6_0-openjdk-demo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.2", "packageVersion": "1.6.0.0_b27.1.12.2-0.2.1", "arch": "i586", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-0.2.1.i586.rpm", "packageName": "java-1_6_0-openjdk-demo", "operator": "lt"}], "description": "java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,\n fixing various security issues:\n\n New in release 1.12.2 (2012-02-03):\n\n *\n\n Security fixes\n\n o S6563318, CVE-2013-0424: RMI data sanitization\n o S6664509, CVE-2013-0425: Add logging context o S6664528,\n CVE-2013-0426: Find log level matching its name or value\n given at construction time o S6776941: CVE-2013-0427:\n Improve thread pool shutdown o S7141694, CVE-2013-0429:\n Improving CORBA internals o S7173145: Improve in-memory\n representation of splashscreens o S7186945: Unpack200\n improvement o S7186946: Refine unpacker resource usage o\n S7186948: Improve Swing data validation o S7186952,\n CVE-2013-0432: Improve clipboard access o S7186954: Improve\n connection performance o S7186957: Improve Pack200 data\n validation o S7192392, CVE-2013-0443: Better validation of\n client keys o S7192393, CVE-2013-0440: Better Checking of\n order of TLS Messages o S7192977, CVE-2013-0442: Issue in\n toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect\n about creating reflective proxies o S7200491: Tighten up\n JTable layout code o S7200500: Launcher better input\n validation o S7201064: Better dialogue checking o S7201066,\n CVE-2013-0441: Change modifiers on unused fields o\n S7201068, CVE-2013-0435: Better handling of UI elements o\n S7201070: Serialization to conform to protocol o S7201071,\n CVE-2013-0433: InetSocketAddress serialization issue o\n S8000210: Improve JarFile code quality o S8000537,\n CVE-2013-0450: Contextualize RequiredModelMBean class o\n S8000540, CVE-2013-1475: Improve IIOP type reuse management\n o S8000631, CVE-2013-1476: Restrict access to class\n constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP\n handling o S8001242: Improve RMI HTTP conformance o\n S8001307: Modify ACC_SUPER behavior o S8001972,\n CVE-2013-1478: Improve image processing o S8002325,\n CVE-2013-1480: Improve management of images\n *\n\n Backports\n\n o S7010849: 5/5 Extraneous javac source/target\n options when building sa-jdi o S8004341: Two JCK tests\n fails with 7u11 b06 o S8005615: Java Logger fails to load\n tomcat logger implementation (JULI)\n *\n\n Bug fixes\n\n o PR1297: cacao and jamvm parallel unpack\n failures o PR1301: PR1171 causes builds of Zero to fail\n\n", "edition": 1, "reporter": "Suse", "published": "2013-02-20T16:04:20", "title": "Security update for Java 1.6.0 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-20T16:04:20", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00015.html", "id": "SUSE-SU-2013:0315-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:01", "references": ["https://bugzilla.novell.com/801972"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.1-25.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "11.4", "packageVersion": "1.6.0.0_b27.1.12.1-25.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.1-25.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.1 to fix\n bugs and security issues (bnc#801972)\n\n * Security fixes (on top of 1.12.0)\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n", "edition": 1, "reporter": "Suse", "published": "2013-02-19T15:04:26", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "java-1_6_0-openjdk to 1.12.1 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-19T15:04:26", "id": "OPENSUSE-SU-2013:0312-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:41:29", "references": ["https://bugzilla.novell.com/801972"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel-debuginfo", "packageFilename": "java-1_6_0-openjdk-devel-debuginfo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-javadoc", "packageFilename": "java-1_6_0-openjdk-javadoc-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debugsource", "packageFilename": "java-1_6_0-openjdk-debugsource-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-devel", "packageFilename": "java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk", "packageFilename": "java-1_6_0-openjdk-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo-debuginfo", "packageFilename": "java-1_6_0-openjdk-demo-debuginfo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-demo", "packageFilename": "java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-src", "packageFilename": "java-1_6_0-openjdk-src-1.6.0.0_b27.1.12.2-24.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.1", "packageVersion": "1.6.0.0_b27.1.12.2-24.1", "packageName": "java-1_6_0-openjdk-debuginfo", "packageFilename": "java-1_6_0-openjdk-debuginfo-1.6.0.0_b27.1.12.2-24.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix\n bugs and security issues (bnc#801972)\n\n * Security fixes (on top of 1.12.0)\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n", "edition": 1, "reporter": "Suse", "published": "2013-02-19T11:04:35", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "java-1_6_0-openjdk to 1.12.2 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-19T11:04:35", "id": "OPENSUSE-SU-2013:0308-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:15:53", "references": ["http://support.novell.com/security/cve/CVE-2013-0424.html", "http://support.novell.com/security/cve/CVE-2013-1481.html", "http://support.novell.com/security/cve/CVE-2013-0425.html", "https://bugzilla.novell.com/show_bug.cgi?id=798535", "http://support.novell.com/security/cve/CVE-2013-1480.html", "http://support.novell.com/security/cve/CVE-2013-0442.html", "http://support.novell.com/security/cve/CVE-2013-0426.html", "http://support.novell.com/security/cve/CVE-2013-0443.html", "http://support.novell.com/security/cve/CVE-2013-0432.html", "http://support.novell.com/security/cve/CVE-2013-0434.html", "http://support.novell.com/security/cve/CVE-2013-1476.html", "http://support.novell.com/security/cve/CVE-2013-0428.html", "http://support.novell.com/security/cve/CVE-2013-1478.html", "http://support.novell.com/security/cve/CVE-2013-0440.html"], "pluginID": "65545", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various\ncritical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1478 / CVE-2013-1480 /\n CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 /\n CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 /\n CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0424 /\n CVE-2013-0440)", "edition": 6, "reporter": "Tenable", "published": "2013-03-14T00:00:00", "title": "SuSE 11.2 Security Update : Java (SAT Patch Number 7450)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2016-12-21T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm"], "id": "SUSE_11_JAVA-1_4_2-IBM-130306.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65545", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65545);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:21:20 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\");\n\n script_name(english:\"SuSE 11.2 Security Update : Java (SAT Patch Number 7450)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various\ncritical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1478 / CVE-2013-1480 /\n CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 /\n CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 /\n CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0424 /\n CVE-2013-0440)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=798535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 7450.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_4_2-ibm-1.4.2_sr13.15-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:53", "references": ["http://support.novell.com/security/cve/CVE-2013-0424.html", "http://support.novell.com/security/cve/CVE-2013-1481.html", "http://support.novell.com/security/cve/CVE-2013-0425.html", "http://support.novell.com/security/cve/CVE-2013-1480.html", "http://support.novell.com/security/cve/CVE-2013-0442.html", "http://support.novell.com/security/cve/CVE-2013-0426.html", "http://support.novell.com/security/cve/CVE-2013-0443.html", "http://support.novell.com/security/cve/CVE-2013-0432.html", "http://support.novell.com/security/cve/CVE-2013-0434.html", "http://support.novell.com/security/cve/CVE-2013-1476.html", "http://support.novell.com/security/cve/CVE-2013-0428.html", "http://support.novell.com/security/cve/CVE-2013-1478.html", "http://support.novell.com/security/cve/CVE-2013-0440.html"], "pluginID": "65546", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various\ncritical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1478 / CVE-2013-1480 /\n CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 /\n CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 /\n CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0424 /\n CVE-2013-0440)", "edition": 6, "reporter": "Tenable", "published": "2013-03-14T00:00:00", "title": "SuSE 10 Security Update : Java (ZYPP Patch Number 8481)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-8481.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65546", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65546);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\");\n\n script_name(english:\"SuSE 10 Security Update : Java (ZYPP Patch Number 8481)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various\ncritical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1478 / CVE-2013-1480 /\n CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 /\n CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 /\n CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0424 /\n CVE-2013-0440)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8481.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_4_2-ibm-1.4.2_sr13.15-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.15-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.15-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.15-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:54", "references": ["http://support.novell.com/security/cve/CVE-2013-0424.html", "http://support.novell.com/security/cve/CVE-2013-1481.html", "http://support.novell.com/security/cve/CVE-2013-0425.html", "http://support.novell.com/security/cve/CVE-2013-0427.html", "http://support.novell.com/security/cve/CVE-2013-1480.html", "http://support.novell.com/security/cve/CVE-2013-1486.html", "http://support.novell.com/security/cve/CVE-2013-0442.html", "http://support.novell.com/security/cve/CVE-2013-0426.html", "http://support.novell.com/security/cve/CVE-2013-0443.html", "http://support.novell.com/security/cve/CVE-2013-0432.html", "http://support.novell.com/security/cve/CVE-2013-0434.html", "http://support.novell.com/security/cve/CVE-2013-0445.html", "http://support.novell.com/security/cve/CVE-2013-1476.html", "http://support.novell.com/security/cve/CVE-2013-0409.html", "http://support.novell.com/security/cve/CVE-2013-0433.html", "http://support.novell.com/security/cve/CVE-2013-0428.html", "http://support.novell.com/security/cve/CVE-2013-1478.html", "http://support.novell.com/security/cve/CVE-2013-0440.html"], "pluginID": "65599", "description": "IBM Java 5 has been updated to SR16 which fixes various critical\nsecurity issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1486 / CVE-2013-1478 /\n CVE-2013-0445 / CVE-2013-1480 / CVE-2013-1476 /\n CVE-2013-0442 / CVE-2013-0425 / CVE-2013-0426 /\n CVE-2013-0428 / CVE-2013-1481 / CVE-2013-0432 /\n CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 /\n CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440)", "edition": 6, "reporter": "Tenable", "published": "2013-03-17T00:00:00", "title": "SuSE 10 Security Update : Java (ZYPP Patch Number 8483)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "modified": "2016-12-22T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_5_0-IBM-8483.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65599);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\");\n\n script_name(english:\"SuSE 10 Security Update : Java (ZYPP Patch Number 8483)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 5 has been updated to SR16 which fixes various critical\nsecurity issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1486 / CVE-2013-1478 /\n CVE-2013-0445 / CVE-2013-1480 / CVE-2013-1476 /\n CVE-2013-0442 / CVE-2013-0425 / CVE-2013-0426 /\n CVE-2013-0428 / CVE-2013-1481 / CVE-2013-0432 /\n CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 /\n CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8483.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-demo-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"java-1_5_0-ibm-src-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-devel-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_5_0-ibm-fonts-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-alsa-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-jdbc-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_5_0-ibm-plugin-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-32bit-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.0-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"java-1_5_0-ibm-devel-32bit-1.5.0_sr16.0-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:52", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-February/003250.html"], "pluginID": "68727", "description": "From Red Hat Security Advisory 2013:0246 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-0246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# Oracle Linux Security Advisory ELSA-2013-0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68727);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0246 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003250.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.0.1.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:52", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-February/003249.html"], "pluginID": "68726", "description": "From Red Hat Security Advisory 2013:0245 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0245)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-0245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0245 and \n# Oracle Linux Security Advisory ELSA-2013-0245 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68726);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0245\");\n\n script_name(english:\"Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0245 :\n\nUpdated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003249.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:37", "references": ["https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/security/cve/cve-2013-0425", "http://www.nessus.org/u?d4964317", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-1475", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-0441", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/errata/RHSA-2013:0245", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-0435", "https://access.redhat.com/security/cve/cve-2013-0429", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0443"], "pluginID": "64518", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "cpe:/o:redhat:enterprise_linux:6.3", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-0245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64518", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0245. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64518);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0245\");\n\n script_name(english:\"RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4964317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0245\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:37", "references": ["http://www.nessus.org/u?ca2a63bd"], "pluginID": "64522", "description": "Multiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie- Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.", "edition": 6, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130208_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64522", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64522);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie- Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=1486\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca2a63bd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:37", "references": ["https://access.redhat.com/security/cve/cve-2013-0432", "https://access.redhat.com/security/cve/cve-2013-0445", "https://access.redhat.com/security/cve/cve-2013-0424", "https://access.redhat.com/security/cve/cve-2013-0427", "https://access.redhat.com/security/cve/cve-2013-0426", "https://access.redhat.com/security/cve/cve-2013-0425", "http://www.nessus.org/u?d4964317", "https://access.redhat.com/security/cve/cve-2013-0450", "https://access.redhat.com/security/cve/cve-2013-1475", "https://access.redhat.com/security/cve/cve-2013-0434", "https://access.redhat.com/security/cve/cve-2013-0441", "https://access.redhat.com/security/cve/cve-2013-1478", "https://access.redhat.com/errata/RHSA-2013:0246", "https://access.redhat.com/security/cve/cve-2013-0433", "https://access.redhat.com/security/cve/cve-2013-0428", "https://access.redhat.com/security/cve/cve-2013-1480", "https://access.redhat.com/security/cve/cve-2013-1476", "https://access.redhat.com/security/cve/cve-2013-0435", "https://access.redhat.com/security/cve/cve-2013-0429", "https://access.redhat.com/security/cve/cve-2013-0442", "https://access.redhat.com/security/cve/cve-2013-0440", "https://access.redhat.com/security/cve/cve-2013-0443"], "pluginID": "64519", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-0246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64519", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64519);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:52\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4964317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0428\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0246\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:38", "references": ["http://www.nessus.org/u?bedc9ea4"], "pluginID": "64536", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2013-02-11T00:00:00", "title": "CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel"], "id": "CENTOS_RHSA-2013-0245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64536", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0245 and \n# CentOS Errata and Security Advisory 2013:0245 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64536);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0245\");\n\n script_name(english:\"CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bedc9ea4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:15:37", "references": ["http://www.nessus.org/u?7117ea7d"], "pluginID": "64512", "description": "Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2013-02-10T00:00:00", "title": "CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=64512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0246 and \n# CentOS Errata and Security Advisory 2013:0246 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64512);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_xref(name:\"RHSA\", value:\"2013:0246\");\n\n script_name(english:\"CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix several security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441,\nCVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially crafted image\ncould cause Java Virtual Machine memory corruption and, possibly, lead\nto arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict\naccess to certain com.sun.xml.internal packages. An untrusted Java\napplication or applet could use this flaw to access information,\nbypassing certain Java sandbox restrictions. This update lists the\nwhole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Networking, and JAXP components. An untrusted Java\napplication or applet could use these flaws to bypass certain Java\nsandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could\nuse this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE\ncomponent did not properly enforce handshake message ordering,\nallowing an unlimited number of handshake restarts. A remote attacker\ncould use this flaw to make an SSL/TLS server using JSSE consume an\nexcessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this\nflaw to perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further\ninformation.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7117ea7d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:41:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.0-1jpp.1.el5_9", "arch": "ppc", "packageName": "java-1.5.0-ibm-demo", "packageFilename": "java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.ppc.rpm", "operator": "lt"}], "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432,\nCVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443,\nCVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running instances\nof IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2013:0624) Critical: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-5085", "CVE-2013-0409", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0440", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:37", "id": "RHSA-2013:0624", "href": "https://access.redhat.com/errata/RHSA-2013:0624", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:15", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "arch": "i386", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0246) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:07:12", "id": "RHSA-2013:0246", "href": "https://access.redhat.com/errata/RHSA-2013:0246", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:52", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0245) Critical: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:33", "id": "RHSA-2013:0245", "href": "https://access.redhat.com/errata/RHSA-2013:0245", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.13.0-1jpp.2.el5_9", "arch": "ppc", "packageName": "java-1.6.0-ibm-demo", "packageFilename": "java-1.6.0-ibm-demo-1.6.0.13.0-1jpp.2.el5_9.ppc.rpm", "operator": "lt"}], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-1541, CVE-2012-3213,\nCVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1493)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR13 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2013:0625) Critical: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2012-5085", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:26", "id": "RHSA-2013:0625", "href": "https://access.redhat.com/errata/RHSA-2013:0625", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:15", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428, CVE-2013-0444)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the JMX,\nLibraries, Networking, and JAXP components. An untrusted Java application\nor applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0247) Important: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:22", "id": "RHSA-2013:0247", "href": "https://access.redhat.com/errata/RHSA-2013:0247", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:59", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.39-1jpp.1.el6_3", "arch": "i686", "packageName": "java-1.6.0-sun", "packageFilename": "java-1.6.0-sun-1.6.0.39-1jpp.1.el6_3.i686.rpm", "operator": "lt"}], "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,\nCVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432,\nCVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440,\nCVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446,\nCVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1480, CVE-2013-1481)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 39. All running instances of\nOracle Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-02-04T05:00:00", "type": "redhat", "title": "(RHSA-2013:0236) Critical: java-1.6.0-sun security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0430", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-1473", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:13", "id": "RHSA-2013:0236", "href": "https://access.redhat.com/errata/RHSA-2013:0236", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:03", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.4.0-1jpp.2.el5_9", "arch": "ppc", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm", "operator": "lt"}], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-1541, CVE-2012-3174,\nCVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419,\nCVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433,\nCVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,\nCVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473,\nCVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485,\nCVE-2013-1486, CVE-2013-1487, CVE-2013-1493)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR4 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-11T04:00:00", "type": "redhat", "title": "(RHSA-2013:0626) Critical: java-1.7.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2012-1541", "CVE-2012-3174", "CVE-2012-3213", "CVE-2012-3342", "CVE-2012-5085", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0422", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0449", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:36", "id": "RHSA-2013:0626", "href": "https://access.redhat.com/errata/RHSA-2013:0626", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:32", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "i386", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.el5_9.i386.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-06T05:00:00", "type": "redhat", "title": "(RHSA-2013:0603) Important: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:10:12", "id": "RHSA-2013:0603", "href": "https://access.redhat.com/errata/RHSA-2013:0603", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:42", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "arch": "i386", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-06T05:00:00", "type": "redhat", "title": "(RHSA-2013:0604) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:13:37", "id": "RHSA-2013:0604", "href": "https://access.redhat.com/errata/RHSA-2013:0604", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:40:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nNote: If your system has not yet been upgraded to Red Hat Enterprise Linux\n6.4 and the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. Thus, this\nupdate has been rated as having critical security impact as a one time\nexception. The icedtea-web package as provided with Red Hat Enterprise\nLinux 6.4 uses OpenJDK 7 instead.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-03-06T05:00:00", "type": "redhat", "title": "(RHSA-2013:0605) Critical: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:34", "id": "RHSA-2013:0605", "href": "https://access.redhat.com/errata/RHSA-2013:0605", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:56:38", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "2013:0246"], "pluginID": "1361412562310881597", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "CentOS Update for java CESA-2013:0246 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881597", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0246 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881597\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:22:14 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0246\");\n script_name(\"CentOS Update for java CESA-2013:0246 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-24T11:09:21", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "2013:0245"], "pluginID": "881598", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "CentOS Update for java CESA-2013:0245 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-01-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881598", "id": "OPENVAS:881598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0245 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n \n This errat ... \n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\");\n script_id(881598);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:23:28 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0245\");\n script_name(\"CentOS Update for java CESA-2013:0245 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:51:33", "references": ["2013:0245-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html"], "pluginID": "870906", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870906", "id": "OPENVAS:870906", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issue ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html\");\n script_id(870906);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:18:16 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0245-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\");\n\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:15:43", "references": ["2013:0246-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html"], "pluginID": "1361412562310870905", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870905", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870905\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:17:05 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0246-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:14:47", "references": ["2013:0245-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html"], "pluginID": "1361412562310870906", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870906", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870906", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00013.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870906\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:18:16 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2013:0245-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issue ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:14", "references": ["http://linux.oracle.com/errata/ELSA-2013-0246.html"], "pluginID": "1361412562310123727", "description": "Oracle Linux Local Security Checks ELSA-2013-0246", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0246", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123727", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123727", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0246.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123727\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0246\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0246 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0246\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0246.html\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1480\", \"CVE-2013-1478\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-1476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:41", "references": ["http://linux.oracle.com/errata/ELSA-2013-0245.html"], "pluginID": "1361412562310123729", "description": "Oracle Linux Local Security Checks ELSA-2013-0245", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-0245", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123729", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123729", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0245.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123729\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:46 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0245\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0245 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0245\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0245.html\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-05T11:11:35", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "2013:0246"], "pluginID": "881597", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "CentOS Update for java CESA-2013:0246 centos5 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-02-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881597", "id": "OPENVAS:881597", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0246 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n \n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\");\n script_id(881597);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:22:14 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0246\");\n script_name(\"CentOS Update for java CESA-2013:0246 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:34", "references": ["2013:0246-01", "https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html"], "pluginID": "870905", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870905", "id": "OPENVAS:870905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n\n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n\n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n\n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n\n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n\n This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\n the NEWS file, linked to in the References, for further information.\n\n All users of java-1.6.0-openjdk are advised to upgrade to these updated\n packages, which resolve these issues. All running instances of OpenJDK Java\n must be restarted for the update to take effect.\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00014.html\");\n script_id(870905);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:17:05 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2013:0246-01\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.33.1.11.6.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:09", "references": ["http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "2013:0245"], "pluginID": "1361412562310881598", "description": "Check for the Version of java", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-02-11T00:00:00", "title": "CentOS Update for java CESA-2013:0245 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:0245 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple improper permission check issues were discovered in the AWT,\n CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\n application or applet could use these flaws to bypass Java sandbox\n restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\n CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\n CVE-2013-0428)\n \n Multiple flaws were found in the way image parsers in the 2D and AWT\n components handled image raster parameters. A specially-crafted image could\n cause Java Virtual Machine memory corruption and, possibly, lead to\n arbitrary code execution with the virtual machine privileges.\n (CVE-2013-1478, CVE-2013-1480)\n \n A flaw was found in the AWT component's clipboard handling code. An\n untrusted Java application or applet could use this flaw to access\n clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n \n The default Java security properties configuration did not restrict access\n to certain com.sun.xml.internal packages. An untrusted Java application or\n applet could use this flaw to access information, bypassing certain Java\n sandbox restrictions. This update lists the whole package as restricted.\n (CVE-2013-0435)\n \n Multiple improper permission check issues were discovered in the Libraries,\n Networking, and JAXP components. An untrusted Java application or applet\n could use these flaws to bypass certain Java sandbox restrictions.\n (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n \n It was discovered that the RMI component's CGIHandler class used user\n inputs in error messages without any sanitization. An attacker could use\n this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n \n It was discovered that the SSL/TLS implementation in the JSSE component\n did not properly enforce handshake message ordering, allowing an unlimited\n number of handshake restarts. A remote attacker could use this flaw to\n make an SSL/TLS server using JSSE consume an excessive amount of CPU by\n continuously restarting the handshake. (CVE-2013-0440)\n \n It was discovered that the JSSE component did not properly validate\n Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\n to perform a small subgroup attack. (CVE-2013-0443)\n \n Note: If the web browser plug-in provided by the icedtea-web package was\n installed, the issues exposed via Java applets could have been exploited\n without user interaction if a user visited a malicious website.\n \n This errat ... \n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881598\");\n script_version(\"$Revision: 9353 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-11 10:23:28 +0530 (Mon, 11 Feb 2013)\");\n script_cve_id(\"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\",\n \"CVE-2013-0428\", \"CVE-2013-0429\", \"CVE-2013-0432\", \"CVE-2013-0433\",\n \"CVE-2013-0434\", \"CVE-2013-0435\", \"CVE-2013-0440\", \"CVE-2013-0441\",\n \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\",\n \"CVE-2013-1475\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2013:0245\");\n script_name(\"CentOS Update for java CESA-2013:0245 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.54.1.11.6.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:04", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0245.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0245\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0245.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-02-09T11:03:54", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-09T11:03:54", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "id": "CESA-2013:0245", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:41", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0246.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0246\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0246.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-02-08T22:39:51", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T22:39:51", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "id": "CESA-2013:0246", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:26", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0247.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.src.rpm", "packageName": "java-1.7.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.el5_9", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.el6_3", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0247\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428, CVE-2013-0444)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the JMX,\nLibraries, Networking, and JAXP components. An untrusted Java application\nor applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019232.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019234.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0247.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-02-09T00:57:50", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-09T11:04:30", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019232.html", "id": "CESA-2013:0247", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-04T13:00:22", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0602.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el6_4.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0602\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000823.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0602.html", "edition": 4, "reporter": "CentOS Project", "published": "2013-03-06T21:09:16", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T21:09:16", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000823.html", "id": "CESA-2013:0602", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-04T12:59:45", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0605.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "any", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0605\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nNote: If your system has not yet been upgraded to Red Hat Enterprise Linux\n6.4 and the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. Thus, this\nupdate has been rated as having critical security impact as a one time\nexception. The icedtea-web package as provided with Red Hat Enterprise\nLinux 6.4 uses OpenJDK 7 instead.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000822.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0605.html", "edition": 4, "reporter": "CentOS Project", "published": "2013-03-06T21:08:42", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T21:08:42", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000822.html", "id": "CESA-2013:0605", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:22", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0604.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.el5_9", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "arch": "any", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0604\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019267.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0604.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-06T21:15:03", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T21:15:03", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019267.html", "id": "CESA-2013:0604", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:58", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0603.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "i386", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "i386", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el5_9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "i386", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el5_9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "i386", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.el5_9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "i386", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.el5_9.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.el5_9", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.el5_9.src.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0603\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019268.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0603.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-03-06T21:16:37", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T21:16:37", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019268.html", "id": "CESA-2013:0603", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:24", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.54.1.11.6.el6_3", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}], "description": "[1:1.6.0.0-1.54.1.11.6]\n- removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch\n- added patch8: 7201064.patch to be reverted\n- added patch9: 8005615.patch to fix the 6664509.patch\n- Resolves: rhbz#906707\n[1:1.6.0.0-1.53.1.11.6]\n- added patch8 revertTwoWrongSecurityPatches2013-02-06.patch\n to remove 6664509 and 7201064 from 1.11.6 tarball\n- Resolves: rhbz#906707\n[1:1.6.0.0-1.51.1.11.6]\n- Updated to icedtea6 1.11.6\n- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#906707", "edition": 3, "reporter": "Oracle", "published": "2013-02-08T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T00:00:00", "id": "ELSA-2013-0245", "href": "http://linux.oracle.com/errata/ELSA-2013-0245.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:31", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.33.1.11.6.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.33.1.11.6.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.33.1.11.6.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.33.1.11.6]\n- removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch\n- added patch9: 7201064.patch to be reverted\n- added patch10: 8005615.patch to fix the 6664509.patch\n- Resolves: rhbz#906705\n[1:1.6.0.0-1.32.1.11.6]\n- added patch9 revertTwoWrongSecurityPatches2013-02-06.patch\n to remove 6664509 and 7201064 from 1.11.6 tarball\n- Resolves: rhbz#906705\n[1:1.6.0.0-1.31.1.11.6]\n- Updated to icedtea6 1.11.6\n- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#906705", "edition": 3, "reporter": "Oracle", "published": "2013-02-08T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T00:00:00", "id": "ELSA-2013-0246", "href": "http://linux.oracle.com/errata/ELSA-2013-0246.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:38", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.0.1.el6_3.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.5.3.0.1.el6_3", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.0.1.el6_3.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1.7.0.9-2.3.5.3.0.1.el6_3]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.5.3.el6_3]\n- Sync logging fixes with upstream (icedtea7-forest and jdk7u)\n[1.7.0.9-2.3.5.1.el6_3]\n- Removed 6664509 backout and added 8005615 to fix the issue\n[1.7.0.9-2.3.5.el6_3.1]\n- Backed out 6664509 and 7201064.patch which cause regressions\n[1.7.0.9-2.3.5.el6_3]\n- Bumped to 2.3.5\n- Changed BR to java7-devel >= 1:1.7.0 as required by CORBA changes in 2.3.5\n- Resolves: rhbz#906707", "edition": 3, "reporter": "Oracle", "published": "2013-02-08T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2013-02-08T00:00:00", "id": "ELSA-2013-0247", "href": "http://linux.oracle.com/errata/ELSA-2013-0247.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:58", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.57.1.11.9.el6_4.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.57.1.11.9.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.57.1.11.9.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.57.1.11.9.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[1:1.6.0.0-1.57.1.11.9]\n- Updated to icedtea6 1.11.9\n- Resolves: rhbz#917179", "edition": 3, "reporter": "Oracle", "published": "2013-03-06T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T00:00:00", "id": "ELSA-2013-0605", "href": "http://linux.oracle.com/errata/ELSA-2013-0605.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:48", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.0.1.el5_9.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el5_9.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.0.1.el5_9.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}], "description": "[1.7.0.9-2.3.8.0.0.1.el5_9]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Enterprise Linux'\n[1.7.0.9-2.3.8.0.el5_9]\n- Updated to icedtea7-forest-2.3\n- Resolves: rhbz#917181", "edition": 3, "reporter": "Oracle", "published": "2013-03-06T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T00:00:00", "id": "ELSA-2013-0603", "href": "http://linux.oracle.com/errata/ELSA-2013-0603.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:42", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el6_4.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el6_4.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.0.1.el6_4.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.0.1.el6_4.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.9-2.3.8.0.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1.7.0.9-2.3.8.0.0.1.el6_4]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.8.0el6]\n- Revert to rhel 6.3 version of spec file\n- Revert to icedtea7 2.3.8 forest\n- Resolves: rhbz#917183\n[1.7.0.11-2.4.0.pre5.el6]\n- Update to latest snapshot of icedtea7 2.4 forest\n- Resolves: rhbz#917183\n[1.7.0.9-2.4.0.pre4.3.el6]\n- Updated to icedtea 2.4.0.pre4,\n- Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#911530\n[1.7.0.9-2.4.0.pre3.3.el6]\n- Updated to icedtea 2.4.0.pre3, updated!\n- Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#911530\n[1.7.0.9-2.4.0.pre2.3.el6]\n- Removed testing\n - mauve was outdated and\n - jtreg was icedtea relict\n- Updated to icedtea 2.4.0.pre2, updated?\n- Added java -Xshare:dump to post (see 513605) fo jitarchs\n- Resolves: rhbz#911530\n[1.7.0.11-2.4.0.2.el6]\n- Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch\n- Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch\n- Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch\n- Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch\n- NSS enabled by default - enable_nss set to 1\n- rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch\n- rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch\n- Resolves: rhbz#831734\n[1.7.0.11-2.4.0.1.el6]\n- Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch\n- Added jxmd and idlj to alternatives\n- make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true\n- Unapplied patch302 and deleted systemtap.patch\n- buildver increased to 11\n- icedtea_version set to 2.4.0\n- Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch\n- removed tmp-patches source tarball\n- Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar\n- Disabled nss - enable_nss set to 0\n- Resolves: rhbz#895034", "edition": 3, "reporter": "Oracle", "published": "2013-03-06T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T00:00:00", "id": "ELSA-2013-0602", "href": "http://linux.oracle.com/errata/ELSA-2013-0602.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:48:49", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.0.1.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.0.1.el5_9.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.36.1.11.9.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.36.1.11.9.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.36.1.11.9.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.36.1.11.9.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.0.1.el5_9.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.36.1.11.9.0.1.el5_9", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.36.1.11.9.0.1.el5_9.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}], "description": "[ 1:1.6.0.0-1.36.1.11.9.0.1.el5_9]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.36.1.11.9]\n- Updated to icedtea6 1.11.9\n- Resolves: rhbz#917176", "edition": 3, "reporter": "Oracle", "published": "2013-03-06T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-06T00:00:00", "id": "ELSA-2013-0604", "href": "http://linux.oracle.com/errata/ELSA-2013-0604.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2017-11-30T12:08:06", "references": ["http://rhn.redhat.com/errata/RHSA-2012-1386.html", "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "http://rhn.redhat.com/errata/RHSA-2012-1392.html", "http://rhn.redhat.com/errata/RHSA-2012-1391.html", "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.securityfocus.com/bid/56067", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "http://rhn.redhat.com/errata/RHSA-2012-1385.html", "http://marc.info/?l=bugtraq&m=135758563611658&w=2", "http://marc.info/?l=bugtraq&m=135542848327757&w=2"], "edition": 4, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.", "reporter": "NVD", "published": "2012-10-16T17:55:02", "title": "CVE-2012-5085", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16654", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16654"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5085"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0.200:update20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.6.0.210:update21", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7"], "modified": "2017-11-29T21:29:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5085", "id": "CVE-2012-5085", "cvss": {"score": 0.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://www.securityfocus.com/bid/57728", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0409", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16530", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16530"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0409"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:38", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0409", "id": "CVE-2013-0409", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "https://bugzilla.redhat.com/show_bug.cgi?id=906900", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://www.securityfocus.com/bid/57689", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0445", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16680", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16680"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0445"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0445", "id": "CVE-2013-0445", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de", "http://www.securityfocus.com/bid/57709", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0425", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16058", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16058"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0425"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:39", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425", "id": "CVE-2013-0425", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:40", "references": ["http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f", "http://marc.info/?l=bugtraq&m=136570436423916&w=2", "https://bugzilla.redhat.com/show_bug.cgi?id=906904", "http://www.securityfocus.com/bid/57691", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" in awt_parseImage.c, which triggers memory corruption.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-1480", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16045", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16045"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-1480"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:36:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480", "id": "CVE-2013-1480", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "https://bugzilla.redhat.com/show_bug.cgi?id=907340", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://www.securityfocus.com/bid/57702", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0443", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:15832", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0443"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0443", "id": "CVE-2013-0443", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.securityfocus.com/bid/57712", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://bugzilla.redhat.com/show_bug.cgi?id=859140", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.", "reporter": "NVD", "published": "2013-02-01T19:55:02", "title": "CVE-2013-0440", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16558", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16558"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0440"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0440", "id": "CVE-2013-0440", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:38:34", "references": ["http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219", "http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://rhn.redhat.com/errata/RHSA-2013-0246.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "http://rhn.redhat.com/errata/RHSA-2013-0247.html", "http://www.kb.cert.org/vuls/id/858729", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/e46d557465da", "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "http://www.securityfocus.com/bid/57727", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-0236.html", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "http://rhn.redhat.com/errata/RHSA-2013-0245.html", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient clipboard access premission checks.\"", "reporter": "NVD", "published": "2013-02-01T19:55:01", "title": "CVE-2013-0432", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:16567", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16567"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0432"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.4.2_4", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jdk:1.4.2_38", "cpe:/a:sun:jre:1.4.2_21", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.4.2_9", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jre:1.4.2_31", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jdk:1.4.2_23", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:sun:jre:1.4.2_7", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:sun:jdk:1.4.2_14", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.4.2_9", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:sun:jre:1.4.2_19", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jdk:1.4.2_26", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:sun:jre:1.4.2_5", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jdk:1.4.2_7", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.4.2_29", "cpe:/a:sun:jre:1.4.2_11", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:sun:jre:1.4.2_12", "cpe:/a:sun:jre:1.4.2_16", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:sun:jdk:1.4.2_11", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:sun:jre:1.4.2_14", "cpe:/a:sun:jre:1.4.2_18", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_28", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jdk:1.4.2_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:sun:jre:1.4.2_3", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_6", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_27", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_6", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.4.2_15", "cpe:/a:sun:jre:1.4.2_25", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:sun:jdk:1.4.2_4", "cpe:/a:sun:jdk:1.4.2_37", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:sun:jre:1.4.2_1", "cpe:/a:sun:jdk:1.4.2_33", "cpe:/a:sun:jdk:1.4.2_16", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jre:1.4.2_29", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jre:1.4.2_20", "cpe:/a:sun:jdk:1.4.2_3", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jre:1.4.2_26", "cpe:/a:sun:jre:1.4.2_27", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jre:1.4.2_38", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:sun:jdk:1.4.2", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jre:1.4.2_30", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.4.2_35", "cpe:/a:sun:jre:1.4.2_15", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jre:1.4.2_28", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jdk:1.4.2_30", "cpe:/a:sun:jdk:1.4.2_18", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jre:1.4.2_8", "cpe:/a:sun:jdk:1.4.2_35", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jdk:1.4.2_5", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jdk:1.4.2_8", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.4.2", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jdk:1.4.2_17", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:sun:jdk:1.4.2_1", "cpe:/a:sun:jre:1.4.2_34", "cpe:/a:sun:jdk:1.4.2_25", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jdk:1.4.2_10", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jre:1.4.2_32", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:sun:jre:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.4.2_13", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:sun:jdk:1.4.2_36", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jdk:1.4.2_19", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.4.2_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:sun:jdk:1.4.2_22", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.4.2_12", "cpe:/a:sun:jre:1.4.2_23", "cpe:/a:oracle:jre:1.4.2_40", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.4.2_37", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jre:1.4.2_33", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.4.2_36", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:sun:jre:1.4.2_2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jre:1.4.2_24", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:sun:jre:1.4.2_13", "cpe:/a:sun:jdk:1.4.2_2", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.4.2_34", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:40", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432", "id": "CVE-2013-0432", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:40", "references": ["http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html", "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html", "http://www.securityfocus.com/bid/58029", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.us-cert.gov/cas/techalerts/TA13-051A.html", "http://www.ubuntu.com/usn/USN-1735-1", "http://marc.info/?l=bugtraq&m=136733161405818&w=2"], "edition": 3, "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.", "reporter": "NVD", "published": "2013-02-20T16:55:02", "title": "CVE-2013-1486", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19402", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19402"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-1486"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.5.0:update_39", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:oracle:jdk:1.5.0:update_39", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:36:06", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1486", "id": "CVE-2013-1486", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:37", "references": ["http://marc.info/?l=bugtraq&m=136570436423916&w=2", "http://www.ubuntu.com/usn/USN-1755-2", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "http://www.securityfocus.com/bid/58296", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html", "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html", "http://rhn.redhat.com/errata/RHSA-2013-0601.html", "http://www.us-cert.gov/ncas/alerts/TA13-064A", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://rhn.redhat.com/errata/RHSA-2013-0603.html", "http://www.kb.cert.org/vuls/id/688246", "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html", "http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html", "http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1915099.xml", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088", "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html", "http://rhn.redhat.com/errata/RHSA-2013-0604.html"], "edition": 3, "description": "Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.", "reporter": "NVD", "published": "2013-03-05T17:06:33", "title": "CVE-2013-0809", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19076", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19076"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-0809"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2017-09-18T21:35:51", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0809", "id": "CVE-2013-0809", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:21", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0247.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.17.amzn1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.5.3.17.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-0442 __](<https://access.redhat.com/security/cve/CVE-2013-0442>), [CVE-2013-0445 __](<https://access.redhat.com/security/cve/CVE-2013-0445>), [CVE-2013-0441 __](<https://access.redhat.com/security/cve/CVE-2013-0441>), [CVE-2013-1475 __](<https://access.redhat.com/security/cve/CVE-2013-1475>), [CVE-2013-1476 __](<https://access.redhat.com/security/cve/CVE-2013-1476>), [CVE-2013-0429 __](<https://access.redhat.com/security/cve/CVE-2013-0429>), [CVE-2013-0450 __](<https://access.redhat.com/security/cve/CVE-2013-0450>), [CVE-2013-0425 __](<https://access.redhat.com/security/cve/CVE-2013-0425>), [CVE-2013-0426 __](<https://access.redhat.com/security/cve/CVE-2013-0426>), [CVE-2013-0428 __](<https://access.redhat.com/security/cve/CVE-2013-0428>), [CVE-2013-0444 __](<https://access.redhat.com/security/cve/CVE-2013-0444>))\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. ([CVE-2013-1478 __](<https://access.redhat.com/security/cve/CVE-2013-1478>), [CVE-2013-1480 __](<https://access.redhat.com/security/cve/CVE-2013-1480>))\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. ([CVE-2013-0432 __](<https://access.redhat.com/security/cve/CVE-2013-0432>))\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. ([CVE-2013-0435 __](<https://access.redhat.com/security/cve/CVE-2013-0435>))\n\nMultiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-0431 __](<https://access.redhat.com/security/cve/CVE-2013-0431>), [CVE-2013-0427 __](<https://access.redhat.com/security/cve/CVE-2013-0427>), [CVE-2013-0433 __](<https://access.redhat.com/security/cve/CVE-2013-0433>), [CVE-2013-0434 __](<https://access.redhat.com/security/cve/CVE-2013-0434>))\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. ([CVE-2013-0424 __](<https://access.redhat.com/security/cve/CVE-2013-0424>))\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. ([CVE-2013-0440 __](<https://access.redhat.com/security/cve/CVE-2013-0440>))\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. ([CVE-2013-0443 __](<https://access.redhat.com/security/cve/CVE-2013-0443>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.17.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:31:00", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:21", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "modified": "2014-09-15T22:31:00", "id": "ALAS-2013-156", "href": "https://alas.aws.amazon.com/ALAS-2013-156.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:15", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0245.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-54.1.11.6.48.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions.\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted.\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack.\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:30:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:15", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440"], "modified": "2014-09-15T22:30:00", "id": "ALAS-2013-155", "href": "https://alas.aws.amazon.com/ALAS-2013-155.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:11", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0602.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.22.amzn1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.22.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.22.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.22.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.22.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.22.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.22.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.22.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.9-2.3.8.0.22.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.22.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-0809 __](<https://access.redhat.com/security/cve/CVE-2013-0809>))\n\nIt was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-1493 __](<https://access.redhat.com/security/cve/CVE-2013-1493>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.22.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.22.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:39:00", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:11", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2014-09-15T22:39:00", "id": "ALAS-2013-168", "href": "https://alas.aws.amazon.com/ALAS-2013-168.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:03", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0605.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-57.1.11.9.52.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-57.1.11.9.52.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-57.1.11.9.52.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-57.1.11.9.52.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-57.1.11.9.52.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-57.1.11.9.52.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-57.1.11.9.52.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-57.1.11.9.52.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-57.1.11.9.52.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-57.1.11.9.52.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-57.1.11.9.52.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-0809 __](<https://access.redhat.com/security/cve/CVE-2013-0809>))\n\nIt was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-1493 __](<https://access.redhat.com/security/cve/CVE-2013-1493>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-57.1.11.9.52.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-debuginfo-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-15T22:39:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:03", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2014-09-15T22:39:00", "id": "ALAS-2013-167", "href": "https://alas.aws.amazon.com/ALAS-2013-167.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:05", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3342", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0429", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0409", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0434", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0450", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0428", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0444", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0433", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0432", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0423", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0427", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0425", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0438", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0419", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1478", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0448", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0441", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0435", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1476", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0440", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1473", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1475", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3213", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0445", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0442", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0424", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0430", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0426", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1480", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0443", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1481", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0351", "https://people.canonical.com/~ubuntu-security/cve/CVE-2012-1541", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0449", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0446"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u13-2.3.6-0ubuntu0.12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.1-2ubuntu0.11.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.1-2ubuntu0.12.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.1-2ubuntu0.10.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438)\n\nSeveral data integrity vulnerabilities were discovered in the OpenJDK JRE. (CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435, CVE-2013-0443)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2013-0440)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-0444)\n\nA data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0448)\n\nAn information disclosure vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0449)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 12.10. (CVE-2013-1481)", "edition": 3, "reporter": "Ubuntu", "published": "2013-02-14T00:00:00", "title": "OpenJDK vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0426", "CVE-2012-1541", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0448", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2012-3342", "CVE-2013-1473", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0351", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-0438", "CVE-2013-1476", "CVE-2013-0430", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-0450", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425", "CVE-2013-0441", "CVE-2013-0449", "CVE-2013-0423", "CVE-2013-0419"], "modified": "2013-02-14T00:00:00", "id": "USN-1724-1", "href": "https://usn.ubuntu.com/1724-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:13", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0809", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1493"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.3-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.3-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.3-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.3-0ubuntu1~11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.3-0ubuntu1~12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.3-0ubuntu1~11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.3-0ubuntu1~12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.3-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.3-0ubuntu1~11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.3-0ubuntu1~12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.3-0ubuntu1~11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.3-0ubuntu1~11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.3-0ubuntu1~10.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.3-0ubuntu1~12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.3-0ubuntu1~12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.3-0ubuntu1~12.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "11.10", "packageVersion": "6b27-1.12.3-0ubuntu1~11.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}], "description": "It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. (CVE-2013-0809)\n\nIt was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. (CVE-2013-1493)", "edition": 3, "reporter": "Ubuntu", "published": "2013-03-05T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-05T00:00:00", "id": "USN-1755-1", "href": "https://usn.ubuntu.com/1755-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:18", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0809", "https://usn.ubuntu.com/usn/usn-1755-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1493"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u15-2.3.7-0ubuntu1~12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u15-2.3.7-0ubuntu1~12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u15-2.3.7-0ubuntu1~12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u15-2.3.7-0ubuntu1~12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u15-2.3.7-0ubuntu1~12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u15-2.3.7-0ubuntu1~12.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}], "description": "USN-1755-1 fixed vulnerabilities in OpenJDK 6. This update provides the corresponding updates for OpenJDK 7.\n\nOriginal advisory details:\n\nIt was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. (CVE-2013-0809)\n\nIt was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. (CVE-2013-1493)", "edition": 3, "reporter": "Ubuntu", "published": "2013-03-07T00:00:00", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "modified": "2013-03-07T00:00:00", "id": "USN-1755-2", "href": "https://usn.ubuntu.com/1755-2/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-13T14:30:54", "references": ["http://www.zerodayinitiative.com/advisories/ZDI-13-149/", "http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html", "http://support.apple.com/kb/HT5677", "http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_March_2013_Security_Alert", "http://malware.dontneedcoffee.com/2013/07/pep-new-bep.html", "http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html", "http://www.kb.cert.org/vuls/id/688246", "http://www.oracle.com/technetwork/java/index.html"], "description": "### Description\n\nOracle Java SE is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. This vulnerability affects the following supported versions: JDK and JRE 7 Update 15 and prior JDK and JRE 6 Update 41 and prior JDK and JRE 5.0 Update 40 and prior\n\n### Technologies Affected\n\n * Apple Mac OS X 10.6.8 \n * Apple Mac OS X 10.7 \n * Apple Mac OS X 10.7.1 \n * Apple Mac OS X 10.7.2 \n * Apple Mac OS X 10.7.3 \n * Apple Mac OS X 10.7.4 \n * Apple Mac OS X 10.7.5 \n * Apple Mac OS X 10.8 \n * Apple Mac OS X 10.8.1 \n * Apple Mac OS X 10.8.2 \n * Apple Mac OS X Server 10.0.1 \n * Apple Mac OS X Server 10.6.8 \n * Apple Mac OS X Server 10.7 \n * Apple Mac OS X Server 10.7.1 \n * Apple Mac OS X Server 10.7.2 \n * Apple Mac OS X Server 10.7.3 \n * Apple Mac OS X Server 10.7.4 \n * Avaya Aura Application Enablement Services 5.2 \n * Avaya Aura Application Enablement Services 5.2.1 \n * Avaya Aura Application Enablement Services 5.2.2 \n * Avaya Aura Application Enablement Services 5.2.3 \n * Avaya Aura Application Enablement Services 5.2.4 \n * Avaya Aura Application Enablement Services 6.1 \n * Avaya Aura Application Enablement Services 6.1.1 \n * Avaya Aura Application Enablement Services 6.1.2 \n * Avaya Aura Application Enablement Services 6.2 \n * Avaya Aura Application Server 5300 SIP Core 2.0 \n * Avaya Aura Application Server 5300 SIP Core 2.1 \n * Avaya Aura Application Server 5300 SIP Core 3.0 \n * Avaya Aura Communication Manager 5.2 \n * Avaya Aura Communication Manager 5.2.1 \n * Avaya Aura Communication Manager 5.2.1 SP2 \n * Avaya Aura Communication Manager 5.2.1 SP5 \n * Avaya Aura Communication Manager 6.0 \n * Avaya Aura Communication Manager 6.0.1 \n * Avaya Aura Communication Manager 6.2 \n * Avaya Aura Communication Manager Utility Services 6.0 \n * Avaya Aura Communication Manager Utility Services 6.1 \n * Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.2 \n * Avaya Aura Communication Manager Utility Services 6.2.4.0.15 \n * Avaya Aura Communication Manager Utility Services 6.2.5.0.15 \n * Avaya Aura Conferencing 7.0 \n * Avaya Aura Experience Portal 6.0 \n * Avaya Aura Experience Portal 6.0 SP1 \n * Avaya Aura Experience Portal 6.0 SP2 \n * Avaya Aura Experience Portal 6.0.1 \n * Avaya Aura Experience Portal 6.0.2 \n * Avaya Aura Messaging 6.0 \n * Avaya Aura Messaging 6.0.1 \n * Avaya Aura Messaging 6.1 \n * Avaya Aura Messaging 6.1.1 \n * Avaya Aura Messaging 6.2 \n * Avaya Aura Presence Services 6.0 \n * Avaya Aura Presence Services 6.1 \n * Avaya Aura Presence Services 6.1.1 \n * Avaya Aura Presence Services 6.1.2 \n * Avaya Aura SIP Enablement Services 5.0 \n * Avaya Aura SIP Enablement Services 5.1 \n * Avaya Aura SIP Enablement Services 5.2 \n * Avaya Aura SIP Enablement Services 5.2.1 \n * Avaya Aura Session Manager 1.1 \n * Avaya Aura Session Manager 1.1.1 \n * Avaya Aura Session Manager 5.2 \n * Avaya Aura Session Manager 5.2 SP1 \n * Avaya Aura Session Manager 5.2 SP2 \n * Avaya Aura Session Manager 5.2.1 \n * Avaya Aura Session Manager 6.0 \n * Avaya Aura Session Manager 6.0 SP1 \n * Avaya Aura Session Manager 6.0.1 \n * Avaya Aura Session Manager 6.1 \n * Avaya Aura Session Manager 6.1 SP1 \n * Avaya Aura Session Manager 6.1 SP2 \n * Avaya Aura Session Manager 6.1.1 \n * Avaya Aura Session Manager 6.1.2 \n * Avaya Aura Session Manager 6.1.3 \n * Avaya Aura Session Manager 6.1.5 \n * Avaya Aura Session Manager 6.2 \n * Avaya Aura Session Manager 6.2 SP1 \n * Avaya Aura Session Manager 6.2.1 \n * Avaya Aura Session Manager 6.2.2 \n * Avaya Aura Session Manager 6.3 \n * Avaya Aura System Manager 5.2 \n * Avaya Aura System Manager 6.0 \n * Avaya Aura System Manager 6.0 SP1 \n * Avaya Aura System Manager 6.1 \n * Avaya Aura System Manager 6.1 SP1 \n * Avaya Aura System Manager 6.1 SP2 \n * Avaya Aura System Manager 6.1.1 \n * Avaya Aura System Manager 6.1.2 \n * Avaya Aura System Manager 6.1.3 \n * Avaya Aura System Manager 6.1.5 \n * Avaya Aura System Manager 6.2 \n * Avaya Aura System Manager 6.2 SP3 \n * Avaya Aura System Manager 6.2.3 \n * Avaya Aura System Manager 6.3 \n * Avaya Aura System Platform 1.0 \n * Avaya Aura System Platform 6.0 \n * Avaya Aura System Platform 6.0 SP2 \n * Avaya Aura System Platform 6.0 SP3 \n * Avaya Aura System Platform 6.0.1 \n * Avaya Aura System Platform 6.0.2 \n * Avaya Aura System Platform 6.0.3.0.3 \n * Avaya Aura System Platform 6.0.3.8.3 \n * Avaya Aura System Platform 6.0.3.9.3 \n * Avaya Aura System Platform 6.2 \n * Avaya Aura System Platform 6.2 SP1 \n * Avaya Aura System Platform 6.2.1 \n * Avaya Aura System Platform 6.2.1.0.9 \n * Avaya Call Management System R 15 \n * Avaya Call Management System R 16 \n * Avaya Conferencing Standard Edition 6.0 \n * Avaya Conferencing Standard Edition 6.0 SP1 \n * Avaya Conferencing Standard Edition 6.0.1 \n * Avaya IP Office Application Server 8.0 \n * Avaya IP Office Application Server 8.1 \n * Avaya IP Office Server Edition 8.0 \n * Avaya IP Office Server Edition 8.1 \n * Avaya IQ 4.0 \n * Avaya IQ 4.1.0 \n * Avaya IQ 4.2 \n * Avaya IQ 5 \n * Avaya IQ 5.1 \n * Avaya IQ 5.1.1 \n * Avaya IQ 5.2 \n * Avaya IR 4.0 \n * Avaya Meeting Exchange - Client Registration Server 6.0 \n * Avaya Meeting Exchange - Recording Server 6.0 \n * Avaya Meeting Exchange - Streaming Server 6.0 \n * Avaya Meeting Exchange - Web Conferencing Server 6.0 \n * Avaya Meeting Exchange - Webportal 6.0 \n * Avaya Message Networking 5.2 \n * Avaya Message Networking 5.2 SP1 \n * Avaya Message Networking 5.2 SP3 \n * Avaya Message Networking 5.2.1 \n * Avaya Message Networking 5.2.2 \n * Avaya Message Networking 5.2.3 \n * Avaya Message Networking 5.2.4 \n * Avaya Message Networking 5.2.5 \n * Avaya Messaging Application Server 5.2.1 \n * Avaya Messaging Storage Server 5.2.12 \n * Avaya Messaging Storage Server 5.2.13 \n * Avaya Messaging Storage Server 5.2.14 \n * Avaya Messaging Storage Server 5.2.2 \n * Avaya Messaging Storage Server 5.2.8 \n * Avaya Messaging Storage Server 5.2.9 \n * Avaya Proactive Contact 5.0 \n * Avaya Proactive Contact 5.1 \n * Avaya Voice Portal 5.0 \n * Avaya Voice Portal 5.0 SP1 \n * Avaya Voice Portal 5.0 SP2 \n * Avaya Voice Portal 5.1 \n * Avaya Voice Portal 5.1 SP1 \n * Avaya Voice Portal 5.1 SP3 \n * Avaya Voice Portal 5.1 Sp2 \n * Avaya Voice Portal 5.1.1 \n * Avaya Voice Portal 5.1.2 \n * Avaya Voice Portal 5.1.3 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Fedoraproject Fedora 17 \n * Fedoraproject Fedora 18 \n * Gentoo Linux \n * HP HP-UX B.11.11 \n * HP HP-UX B.11.31 \n * HP NonStop Server H06.15.00 \n * HP NonStop Server H06.15.01 \n * HP NonStop Server H06.15.02 \n * HP NonStop Server H06.16.00 \n * HP NonStop Server H06.16.01 \n * HP NonStop Server H06.16.02 \n * HP NonStop Server H06.17.00 \n * HP NonStop Server H06.17.01 \n * HP NonStop Server H06.17.02 \n * HP NonStop Server H06.17.03 \n * HP NonStop Server H06.18.00 \n * HP NonStop Server H06.18.01 \n * HP NonStop Server H06.18.02 \n * HP NonStop Server H06.19.00 \n * HP NonStop Server H06.19.01 \n * HP NonStop Server H06.19.02 \n * HP NonStop Server H06.19.03 \n * HP NonStop Server H06.20.00 \n * HP NonStop Server H06.20.01 \n * HP NonStop Server H06.20.02 \n * HP NonStop Server H06.20.03 \n * HP NonStop Server H06.21.00 \n * HP NonStop Server H06.21.01 \n * HP NonStop Server H06.21.02 \n * HP NonStop Server H06.22.00 \n * HP NonStop Server H06.22.01 \n * HP NonStop Server H06.23 \n * HP NonStop Server H06.24 \n * HP NonStop Server H06.24.01 \n * HP NonStop Server H06.25 \n * HP NonStop Server H06.25.01 \n * HP NonStop Server H06.26 \n * HP NonStop Server H06.26.01 \n * HP NonStop Server H06.27 \n * HP NonStop Server J06.04.00 \n * HP NonStop Server J06.04.01 \n * HP NonStop Server J06.04.02 \n * HP NonStop Server J06.05.00 \n * HP NonStop Server J06.05.01 \n * HP NonStop Server J06.05.02 \n * HP NonStop Server J06.06.00 \n * HP NonStop Server J06.06.01 \n * HP NonStop Server J06.06.02 \n * HP NonStop Server J06.06.03 \n * HP NonStop Server J06.07.00 \n * HP NonStop Server J06.07.01 \n * HP NonStop Server J06.07.02 \n * HP NonStop Server J06.08.00 \n * HP NonStop Server J06.08.01 \n * HP NonStop Server J06.08.02 \n * HP NonStop Server J06.08.03 \n * HP NonStop Server J06.08.04 \n * HP NonStop Server J06.09.00 \n * HP NonStop Server J06.09.01 \n * HP NonStop Server J06.09.02 \n * HP NonStop Server J06.09.03 \n * HP NonStop Server J06.09.04 \n * HP NonStop Server J06.10.00 \n * HP NonStop Server J06.10.01 \n * HP NonStop Server J06.10.02 \n * HP NonStop Server J06.11.00 \n * HP NonStop Server J06.11.01 \n * HP NonStop Server J06.12.00 \n * HP NonStop Server J06.13 \n * HP NonStop Server J06.13.01 \n * HP NonStop Server J06.14 \n * HP NonStop Server J06.14.02 \n * HP NonStop Server J06.15 \n * HP NonStop Server J06.15.01 \n * HP NonStop Server J06.16 \n * HP NonStop Server J6.0.14.01 \n * HP Service Manager 7.11 \n * HP Service Manager 9.31 \n * HP Service Manager 9.32 \n * HP Service Manager 9.33 \n * Hitachi Cosminexus Application Server 05-00 (AIX) \n * Hitachi Cosminexus Application Server 05-00 (HP-UX) \n * Hitachi Cosminexus Application Server 05-00 (Windows) \n * Hitachi Cosminexus Application Server 05-00-/A (AIX) \n * Hitachi Cosminexus Application Server 05-00-/A (HP-UX) \n * Hitachi Cosminexus Application Server 05-00-/B (AIX) \n * Hitachi Cosminexus Application Server 05-00-/B (HP-UX) \n * Hitachi Cosminexus Application Server 05-00-/C (AIX) \n * Hitachi Cosminexus Application Server 05-00-/C (HP-UX) \n * Hitachi Cosminexus Application Server 05-00-/D (AIX) \n * Hitachi Cosminexus Application Server 05-00-/E (AIX) \n * Hitachi Cosminexus Application Server 05-00-/F (AIX) \n * Hitachi Cosminexus Application Server 05-00-/G (AIX) \n * Hitachi Cosminexus Application Server 05-00-/H (AIX) \n * Hitachi Cosminexus Application Server 05-00-/I (AIX) \n * Hitachi Cosminexus Application Server 05-00-/I (Windows) \n * Hitachi Cosminexus Application Server 05-00-/J (AIX) \n * Hitachi Cosminexus Application Server 05-00-/K (AIX) \n * Hitachi Cosminexus Application Server 05-00-/L (AIX) \n * Hitachi Cosminexus Application Server 05-00-/M (AIX) \n * Hitachi Cosminexus Application Server 05-00-/N (AIX) \n * Hitachi Cosminexus Application Server 05-00-/O (AIX) \n * Hitachi Cosminexus Application Server 05-00-/P (AIX) \n * Hitachi Cosminexus Application Server 05-00-/Q (AIX) \n * Hitachi Cosminexus Application Server 05-00-/R (AIX) \n * Hitachi Cosminexus Application Server 05-00-/S (AIX) \n * Hitachi Cosminexus Application Server 05-01 (Windows) \n * Hitachi Cosminexus Application Server 05-01-/A (Windows) \n * Hitachi Cosminexus Application Server 05-01-/B (Windows) \n * Hitachi Cosminexus Application Server 05-01-/C (Windows) \n * Hitachi Cosminexus Application Server 05-01-/D (Windows) \n * Hitachi Cosminexus Application Server 05-01-/E (Windows) \n * Hitachi Cosminexus Application Server 05-01-/F (Windows) \n * Hitachi Cosminexus Application Server 05-01-/G (Windows) \n * Hitachi Cosminexus Application Server 05-01-/H (Windows) \n * Hitachi Cosminexus Application Server 05-01-/I (Windows) \n * Hitachi Cosminexus Application Server 05-01-/J (Windows) \n * Hitachi Cosminexus Application Server 05-01-/K (Windows) \n * Hitachi Cosminexus Application Server 05-01-/L (Windows) \n * Hitachi Cosminexus Application Server 05-02 (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/A (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/B (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/C (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/D (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/E (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (AIX) \n * Hitachi Cosminexus Application Server 05-05 (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (Linux) \n * Hitachi Cosminexus Application Server 05-05 (Windows) \n * Hitachi Cosminexus Application Server 05-05-/A (AIX) \n * Hitachi Cosminexus Application Server 05-05-/A (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/A (Linux) \n * Hitachi Cosminexus Application Server 05-05-/A (Windows) \n * Hitachi Cosminexus Application Server 05-05-/B (AIX) \n * Hitachi Cosminexus Application Server 05-05-/B (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/B (Linux) \n * Hitachi Cosminexus Application Server 05-05-/B (Windows) \n * Hitachi Cosminexus Application Server 05-05-/C (AIX) \n * Hitachi Cosminexus Application Server 05-05-/C (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/C (Linux) \n * Hitachi Cosminexus Application Server 05-05-/C (Windows) \n * Hitachi Cosminexus Application Server 05-05-/D (AIX) \n * Hitachi Cosminexus Application Server 05-05-/D (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/D (Linux) \n * Hitachi Cosminexus Application Server 05-05-/D (Windows) \n * Hitachi Cosminexus Application Server 05-05-/E (AIX) \n * Hitachi Cosminexus Application Server 05-05-/E (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/E (Linux) \n * Hitachi Cosminexus Application Server 05-05-/E (Windows) \n * Hitachi Cosminexus Application Server 05-05-/F (AIX) \n * Hitachi Cosminexus Application Server 05-05-/F (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/F (Linux) \n * Hitachi Cosminexus Application Server 05-05-/F (Windows) \n * Hitachi Cosminexus Application Server 05-05-/G (AIX) \n * Hitachi Cosminexus Application Server 05-05-/G (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/G (Linux) \n * Hitachi Cosminexus Application Server 05-05-/G (Windows) \n * Hitachi Cosminexus Application Server 05-05-/H (AIX) \n * Hitachi Cosminexus Application Server 05-05-/H (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/H (Windows) \n * Hitachi Cosminexus Application Server 05-05-/H(Linux) \n * Hitachi Cosminexus Application Server 05-05-/I (AIX) \n * Hitachi Cosminexus Application Server 05-05-/I (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/I (Linux) \n * Hitachi Cosminexus Application Server 05-05-/I (Windows) \n * Hitachi Cosminexus Application Server 05-05-/J (AIX) \n * Hitachi Cosminexus Application Server 05-05-/J (Windows) \n * Hitachi Cosminexus Application Server 05-05-/K (AIX) \n * Hitachi Cosminexus Application Server 05-05-/K (Windows) \n * Hitachi Cosminexus Application Server 05-05-/L (AIX) \n * Hitachi Cosminexus Application Server 05-05-/L (Windows) \n * Hitachi Cosminexus Application Server 05-05-/M (AIX) \n * Hitachi Cosminexus Application Server 05-05-/M (Windows) \n * Hitachi Cosminexus Application Server 05-05-/M \n * Hitachi Cosminexus Application Server 05-05-/N (Windows) \n * Hitachi Cosminexus Application Server 05-05-/O (AIX) \n * Hitachi Cosminexus Application Server 05-05-/O (Windows) \n * Hitachi Cosminexus Application Server 05-05-/P (Windows) \n * Hitachi Cosminexus Application Server 5.0 \n * Hitachi Cosminexus Application Server 5.0.0 \n * Hitachi Cosminexus Application Server Enterprise 06-00 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/F (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/G (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/H (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/H (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/C (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C(*1) (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E(*1) (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/G (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-C(*1) (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B(*1) (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/D (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/H (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/I (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/J (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/K (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/L (Windows) \n * Hitachi Cosminexus Application Server Enterprise 6 \n * Hitachi Cosminexus Application Server Enterprise 6.0.0 \n * Hitachi Cosminexus Application Server Standard 06-00 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00 (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-00 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/F (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/G (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/H (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/H (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/C (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/B(Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/C(*1) (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C(*1) (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/E(*1) (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/G (AIX \n * Hitachi Cosminexus Application Server Standard 06-50-/G (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/B(*1) (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/D (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/H (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/I (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/J (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/K (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/L (Windows) \n * Hitachi Cosminexus Application Server Standard 3 \n * Hitachi Cosminexus Application Server Standard 6 \n * Hitachi Cosminexus Application Server Standard 6.0.0 \n * Hitachi Cosminexus Application Server Standard Version 6 06-00 (AIX) \n * Hitachi Cosminexus Application Server Standard Version 6 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Standard Version 6 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Standard Version 6 06-50-/F (AIX) \n * Hitachi Cosminexus Client 06-00 (Windows) \n * Hitachi Cosminexus Client 06-00-/I (Windows) \n * Hitachi Cosminexus Client 06-02 (Windows) \n * Hitachi Cosminexus Client 06-02-/G (Windows) \n * Hitachi Cosminexus Client 06-50 (Windows) \n * Hitachi Cosminexus Client 06-50-/F (Windows) \n * Hitachi Cosminexus Client 06-51 (Windows) \n * Hitachi Cosminexus Client 06-51-/K (Windows) \n * Hitachi Cosminexus Client 06-51-/L (Windows) \n * Hitachi Cosminexus Client 6 \n * Hitachi Cosminexus Developer 05-00 (Windows) \n * Hitachi Cosminexus Developer 05-00-/I (Windows) \n * Hitachi Cosminexus Developer 05-01 (Windows) \n * Hitachi Cosminexus Developer 05-01-/A (Windows) \n * Hitachi Cosminexus Developer 05-01-/B (Windows) \n * Hitachi Cosminexus Developer 05-01-/C (Windows) \n * Hitachi Cosminexus Developer 05-01-/D (Windows) \n * Hitachi Cosminexus Developer 05-01-/E (Windows) \n * Hitachi Cosminexus Developer 05-01-/F (Windows) \n * Hitachi Cosminexus Developer 05-01-/G (Windows) \n * Hitachi Cosminexus Developer 05-01-/H (Windows) \n * Hitachi Cosminexus Developer 05-01-/I (Windows) \n * Hitachi Cosminexus Developer 05-01-/J (Windows) \n * Hitachi Cosminexus Developer 05-01-/K (Windows) \n * Hitachi Cosminexus Developer 05-01-/L (Windows) \n * Hitachi Cosminexus Developer 05-05 (Windows) \n * Hitachi Cosminexus Developer 05-05-/A (Windows) \n * Hitachi Cosminexus Developer 05-05-/B (Windows) \n * Hitachi Cosminexus Developer 05-05-/C (Windows) \n * Hitachi Cosminexus Developer 05-05-/D (Windows) \n * Hitachi Cosminexus Developer 05-05-/E (Windows) \n * Hitachi Cosminexus Developer 05-05-/F (Windows) \n * Hitachi Cosminexus Developer 05-05-/G (Windows) \n * Hitachi Cosminexus Developer 05-05-/H (Windows) \n * Hitachi Cosminexus Developer 05-05-/I (Windows) \n * Hitachi Cosminexus Developer 05-05-/J (Windows) \n * Hitachi Cosminexus Developer 05-05-/K (Windows) \n * Hitachi Cosminexus Developer 05-05-/L (Windows) \n * Hitachi Cosminexus Developer 05-05-/M (Windows) \n * Hitachi Cosminexus Developer 05-05-/N (Windows) \n * Hitachi Cosminexus Developer 05-05-/O (Windows) \n * Hitachi Cosminexus Developer 05-05-/P (Windows) \n * Hitachi Cosminexus Developer 05-05-/Q (Windows) \n * Hitachi Cosminexus Developer 5 \n * Hitachi Cosminexus Developer 5.0.0 \n * Hitachi Cosminexus Developer Light 06-00 (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/H (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Light 06-02 (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-50 (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-51 (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/H (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/I (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/J (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/K (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/L (Windows) \n * Hitachi Cosminexus Developer Light 6 \n * Hitachi Cosminexus Developer Professional 06-00 (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/H (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Professional 06-02 (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-50 (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-51 (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/H (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/I (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/J (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/K (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/L (Windows) \n * Hitachi Cosminexus Developer Professional 6 \n * Hitachi Cosminexus Developer Professional 6.0.0 \n * Hitachi Cosminexus Developer Standard 06-00 (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/H (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Standard 06-02 (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-50 (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-51 (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/H (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/I (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/J (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/K (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/L (Windows) \n * Hitachi Cosminexus Developer Standard 6 \n * Hitachi Cosminexus Developer Standard 6.0.0 \n * Hitachi Cosminexus Primary Server Base 6.0.0 \n * Hitachi Cosminexus Server - Standard Edition 04-00 (Windows) \n * Hitachi Cosminexus Server - Standard Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (AIX) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (HP-UX) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (Solaris) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (Windows) \n * Hitachi Cosminexus Server - Standard Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Server - Standard Edition 4 \n * Hitachi Cosminexus Server - Web Edition 04-00 (Windows) \n * Hitachi Cosminexus Server - Web Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Server - Web Edition 04-01 (HP-UX) \n * Hitachi Cosminexus Server - Web Edition 04-01 (Solaris) \n * Hitachi Cosminexus Server - Web Edition 04-01 (Windows) \n * Hitachi Cosminexus Server - Web Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Server - Web Edition 4 \n * Hitachi Cosminexus Studio - Standard Edition 04-00 (Windows) \n * Hitachi Cosminexus Studio - Standard Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Studio - Standard Edition 04-01 (Windows) \n * Hitachi Cosminexus Studio - Standard Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Studio - Standard Edition \n * Hitachi Cosminexus Studio - Web Edition 04-00 (Windows) \n * Hitachi Cosminexus Studio - Web Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Studio - Web Edition 04-01 (Windows) \n * Hitachi Cosminexus Studio - Web Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Studio - Web Edition \n * Hitachi Cosminexus Studio 05-00 (Windows) \n * Hitachi Cosminexus Studio 05-00-/I (Windows) \n * Hitachi Cosminexus Studio 05-01 (Windows) \n * Hitachi Cosminexus Studio 05-01-/L (Windows) \n * Hitachi Cosminexus Studio 05-05 (Windows) \n * Hitachi Cosminexus Studio 05-05-/P (Windows) \n * Hitachi Cosminexus Studio 05-05-/Q (Windows) \n * Hitachi Cosminexus Studio 5 \n * Hitachi uCosminexus Application Server Enterprise 06-70 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B(*1) (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B(Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/H (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/L (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/M (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/N (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/N (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/O (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/A (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/A (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/B (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/B (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/B (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/C (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/C (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/C (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/D (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/D (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/F (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/G (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/G (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/H (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/H (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/J (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72(*1) (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/B (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/B(Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/E (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/G(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00 HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00-01 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-00-01 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00-02 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00-03 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00-12 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-10 \n * Hitachi uCosminexus Application Server Enterprise 07-10 HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10-01 HP-UX(IPF) \n * Hitachi uCosminexus Application Server Enterprise 07-10-06 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10-08 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10-1 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-50 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-50 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-50-01 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-50-01 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Enterprise 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Enterprise 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-53 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 08-53 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 08-70 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (Windows(x64)) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (Windows) \n * Hitachi uCosminexus Application Server Express 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Express 08-00 (AIX) \n * Hitachi uCosminexus Application Server Express 08-00 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-00 (Linux) \n * Hitachi uCosminexus Application Server Express 08-00 (Solaris(SPARC \n * Hitachi uCosminexus Application Server Express 08-00 (Windows) \n * Hitachi uCosminexus Application Server Express 08-20 (Solaris (x6) \n * Hitachi uCosminexus Application Server Express 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 08-70 (AIX) \n * Hitachi uCosminexus Application Server Express 09-00 (AIX) \n * Hitachi uCosminexus Application Server Express 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Express 09-00 (Linux) \n * Hitachi uCosminexus Application Server Express 09-00 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 09-00 (Windows) \n * Hitachi uCosminexus Application Server Light 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Light 08-50 (Linux (IPF)) \n * Hitachi uCosminexus Application Server Light 09-00 (AIX) \n * Hitachi uCosminexus Application Server Light 09-00 (HP-UX (IPF)) \n * Hitachi uCosminexus Application Server Light 09-00 (Linux) \n * Hitachi uCosminexus Application Server Light 09-00 (Windows (x64)) \n * Hitachi uCosminexus Application Server Light 09-00 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition 08-70 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition \n * Hitachi uCosminexus Application Server Standard 02-00 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70 (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/B(*1) (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/B(Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/H (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/H (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/I (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/J (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/K (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/L (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/M (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/N (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/N (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/O (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Standard 06-71 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/A (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/A (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/B (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/B (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/C (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/C (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/D (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/D (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/F (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/G (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/G (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/H (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/H (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/J (Windows) \n * Hitachi uCosminexus Application Server Standard 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72(*1) (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/A (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/B (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/B(*1) (Linux) \n * Hitachi uCosminexus Application Server Standard 06-72-/C (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-72-/D (AIX) \n * Hitachi uCosminexus Application Server Standard 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/E (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/G(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-00 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-00 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-00 (Solaris) \n * Hitachi uCosminexus Application Server Standard 07-00 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-00-01 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-00-01 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-00-02 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-00-03 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-10 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-10 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-10-01 HP-UX(IPF) \n * Hitachi uCosminexus Application Server Standard 07-50 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-50 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-50-01 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-50-01 (Linux) \n * Hitachi uCosminexus Application Server Standard 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Standard 08-50 (AIX) \n * Hitachi uCosminexus Application Server Standard 08-50 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 08-53 (Linux) \n * Hitachi uCosminexus Application Server Standard 08-53 (Windows) \n * Hitachi uCosminexus Application Server Standard 09-00 (AIX) \n * Hitachi uCosminexus Application Server Standard 09-00 (HP-UX (IPF)) \n * Hitachi uCosminexus Application Server Standard 09-00 (Linux) \n * Hitachi uCosminexus Application Server Standard 09-00 (Windows(x64)) \n * Hitachi uCosminexus Application Server Standard 09-00 (Windows) \n * Hitachi uCosminexus Application Server Standard \n * Hitachi uCosminexus Application Server Standard Version 6 \n * Hitachi uCosminexus Application Server Standard-R 08-70 (Windows) \n * Hitachi uCosminexus Application Server Standard-R \n * Hitachi uCosminexus Client 06-70 (Windows) \n * Hitachi uCosminexus Client 06-70-/D (Windows) \n * Hitachi uCosminexus Client 06-70-/F (Windows) \n * Hitachi uCosminexus Client 06-70-/G (Windows) \n * Hitachi uCosminexus Client 06-71 (Windows) \n * Hitachi uCosminexus Client 06-71-/D (Windows) \n * Hitachi uCosminexus Client 06-71-/F (Windows) \n * Hitachi uCosminexus Client 06-71-/G (Windows) \n * Hitachi uCosminexus Client 06-71-/H (Windows) \n * Hitachi uCosminexus Client 06-71-/J (Windows) \n * Hitachi uCosminexus Client 07-00 (Windows) \n * Hitachi uCosminexus Client 07-00-03 (AIX) \n * Hitachi uCosminexus Client 07-00-03 (Linux) \n * Hitachi uCosminexus Client 07-00-03 (Windows) \n * Hitachi uCosminexus Client 07-10 (Windows) \n * Hitachi uCosminexus Client 07-10-01 (Windows) \n * Hitachi uCosminexus Client 07-20 (Windows) \n * Hitachi uCosminexus Client 07-20-01 (Windows) \n * Hitachi uCosminexus Client 07-50 (Windows) \n * Hitachi uCosminexus Client 07-50-01 (Windows) \n * Hitachi uCosminexus Client 08-53 (Windows) \n * Hitachi uCosminexus Client 09-00 (Linux) \n * Hitachi uCosminexus Client 09-00 (Windows) \n * Hitachi uCosminexus Client 09-00 \n * Hitachi uCosminexus Client for Plug-in \n * Hitachi uCosminexus Developer 01 \n * Hitachi uCosminexus Developer Light 06-70 (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/A (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/B (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/C (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/D (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/G (Windows) \n * Hitachi uCosminexus Developer Light 06-71 (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/A (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/B (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/C (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/D (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/F (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/G (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/H (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/J (Windows) \n * Hitachi uCosminexus Developer Light 6 \n * Hitachi uCosminexus Developer Light 6.7 \n * Hitachi uCosminexus Developer Light 7 \n * Hitachi uCosminexus Developer Light 8 \n * Hitachi uCosminexus Developer Professional 06-70 (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/A (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/B (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/C (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/D (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/G (Windows) \n * Hitachi uCosminexus Developer Professional 06-71 (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/A (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/B (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/C (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/D (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/F (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/G (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/H (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/J (Windows) \n * Hitachi uCosminexus Developer Professional 08-53 (Windows) \n * Hitachi uCosminexus Developer Professional 09-00(Windows) \n * Hitachi uCosminexus Developer Professional 7 \n * Hitachi uCosminexus Developer Professional 8 \n * Hitachi uCosminexus Developer Professional \n * Hitachi uCosminexus Developer Professional for Plug-in 08-70 (Windows) \n * Hitachi uCosminexus Developer Professional for Plug-in \n * Hitachi uCosminexus Developer Standard 06-70 (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/A (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/B (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/C (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/D (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/G (Windows) \n * Hitachi uCosminexus Developer Standard 06-71 (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/A (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/B (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/C (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/D (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/F (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/G (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/H (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/J (Windows) \n * Hitachi uCosminexus Developer Standard 08-53 (Windows) \n * Hitachi uCosminexus Developer Standard 7 \n * Hitachi uCosminexus Developer Standard 8 \n * Hitachi uCosminexus Developer Standard \n * Hitachi uCosminexus Operator 07-00 (Windows) \n * Hitachi uCosminexus Operator 07-00-03 (AIX) \n * Hitachi uCosminexus Operator 07-00-03 (Linux) \n * Hitachi uCosminexus Operator 07-00-03 (Windows) \n * Hitachi uCosminexus Operator 07-10 (Windows) \n * Hitachi uCosminexus Operator 07-10-01 (Windows) \n * Hitachi uCosminexus Operator 07-20 (Windows) \n * Hitachi uCosminexus Operator 07-20-01 (Windows) \n * Hitachi uCosminexus Operator 07-50 (Windows) \n * Hitachi uCosminexus Operator 07-50-01 (Windows) \n * Hitachi uCosminexus Operator 7 \n * Hitachi uCosminexus Operator 8 \n * Hitachi uCosminexus Primary Server Base \n * Hitachi uCosminexus Service Architect 07-00 (Windows) \n * Hitachi uCosminexus Service Architect 07-00-03 (AIX) \n * Hitachi uCosminexus Service Architect 07-00-03 (Linux) \n * Hitachi uCosminexus Service Architect 07-00-03 (Windows) \n * Hitachi uCosminexus Service Architect 07-10 (Windows) \n * Hitachi uCosminexus Service Architect 07-10-01 (Windows) \n * Hitachi uCosminexus Service Architect 07-20 (Windows) \n * Hitachi uCosminexus Service Architect 07-20-01 (Windows) \n * Hitachi uCosminexus Service Architect 07-50 (Windows) \n * Hitachi uCosminexus Service Architect 07-50-01 (Windows) \n * Hitachi uCosminexus Service Architect 08-53 (Windows) \n * Hitachi uCosminexus Service Architect 09-00 \n * Hitachi uCosminexus Service Architect 7 \n * Hitachi uCosminexus Service Architect 8 \n * Hitachi uCosminexus Service Platform - Messaging \n * Hitachi uCosminexus Service Platform 07-00 (Linux) \n * Hitachi uCosminexus Service Platform 07-00 (Windows) \n * Hitachi uCosminexus Service Platform 07-00-03 (AIX) \n * Hitachi uCosminexus Service Platform 07-00-03 (Linux) \n * Hitachi uCosminexus Service Platform 07-00-03 (Windows) \n * Hitachi uCosminexus Service Platform 07-00-12 (Linux) \n * Hitachi uCosminexus Service Platform 07-10 (AIX) \n * Hitachi uCosminexus Service Platform 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 07-10 (Linux) \n * Hitachi uCosminexus Service Platform 07-10 (Windows) \n * Hitachi uCosminexus Service Platform 07-10-01 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 07-10-01 (Windows) \n * Hitachi uCosminexus Service Platform 07-10-06 (AIX) \n * Hitachi uCosminexus Service Platform 07-10-06 (Linux) \n * Hitachi uCosminexus Service Platform 07-20 (Windows) \n * Hitachi uCosminexus Service Platform 07-20-01 (Windows) \n * Hitachi uCosminexus Service Platform 07-50 (Linux) \n * Hitachi uCosminexus Service Platform 07-50 (Windows) \n * Hitachi uCosminexus Service Platform 07-50-01 (Windows) \n * Hitachi uCosminexus Service Platform 08-50 (AIX) \n * Hitachi uCosminexus Service Platform 08-50 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 08-53 (Linux) \n * Hitachi uCosminexus Service Platform 08-53 (Windows) \n * Hitachi uCosminexus Service Platform 09-00 (Windows) \n * Hitachi uCosminexus Service Platform 09-00 AIX (64) \n * Hitachi uCosminexus Service Platform 09-00 HP-UX (IPF) \n * Hitachi uCosminexus Service Platform 09-00 Linux (x64) \n * Hitachi uCosminexus Service Platform 09-00 Windows (x64) \n * IBM Java SDK 1.4.2 \n * IBM Java SDK 5 \n * IBM Java SDK 6 \n * IBM Java SDK 7 \n * IBM Lotus Domino 8.0 \n * IBM Lotus Domino 8.0.1 \n * IBM Lotus Domino 8.0.2 \n * IBM Lotus Domino 8.5 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Notes 8.0.0 \n * IBM Lotus Notes 8.0.1 \n * IBM Lotus Notes 8.0.2 \n * IBM Lotus Notes 8.5 \n * IBM Lotus Notes 8.5.1 \n * IBM Lotus Notes 8.5.2 \n * IBM Lotus Notes 8.5.3 \n * IBM Lotus Notes 9.0 \n * IBM Maximo Asset Management 6.2 \n * IBM Maximo Asset Management 7.1 \n * IBM Maximo Asset Management 7.5 \n * IBM Maximo Asset Management Essentials 7.1 \n * IBM Maximo Asset Management Essentials 7.5 \n * IBM Rational Functional Tester 8.0.0.1 \n * IBM Rational Functional Tester 8.0.0.2 \n * IBM Rational Functional Tester 8.0.0.3 \n * IBM Rational Functional Tester 8.0.0.4 \n * IBM Rational Functional Tester 8.1 \n * IBM Rational Functional Tester 8.1.0.1 \n * IBM Rational Functional Tester 8.1.0.2 \n * IBM Rational Functional Tester 8.1.0.3 \n * IBM Rational Functional Tester 8.1.1 \n * IBM Rational Functional Tester 8.1.1.1 \n * IBM Rational Functional Tester 8.1.1.2 \n * IBM Rational Functional Tester 8.1.1.3 \n * IBM Rational Functional Tester 8.2 \n * IBM Rational Functional Tester 8.2.0.2 \n * IBM Rational Functional Tester 8.2.1.1 \n * IBM Rational Functional Tester 8.2.2 \n * IBM Rational Functional Tester 8.2.2.1 \n * IBM Rational Functional Tester 8.3 \n * IBM Rational Functional Tester 8.3.0.1 \n * IBM Rational Functional Tester 8.5.0.1 \n * IBM Rational Host On-Demand 11.0.0 \n * IBM Rational Host On-Demand 11.0.7 \n * IBM Service Delivery Manager 7.2.1 \n * IBM Service Delivery Manager 7.2.2 \n * IBM Service Delivery Manager 7.2.4 \n * IBM Smart Analytics System 5600 9.7 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.0 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.3 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.4 \n * IBM Tivoli Business Service Manager 4.2 \n * IBM Tivoli Business Service Manager 4.2.1 \n * IBM Tivoli Business Service Manager 6.1 \n * IBM Tivoli Business Service Manager 6.1.1 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Endpoint Manager for Remote Control 9.0.0 \n * IBM Tivoli Netcool/OMNIbus 7.2.1 \n * IBM Tivoli Netcool/OMNIbus 7.3.0 \n * IBM Tivoli Netcool/OMNIbus 7.3.1 \n * IBM Tivoli Netcool/OMNIbus 7.4.0 \n * IBM Tivoli Remote Control 5.1.2 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.1 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.1 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.2 \n * IBM Tivoli System Automation Application Manager 3.1 \n * IBM Tivoli System Automation Application Manager 3.2 \n * IBM Tivoli System Automation Application Manager 3.2.1 \n * IBM Tivoli System Automation Application Manager 3.2.2 \n * IBM Tivoli System Automation for Integrated Operations Management 2.1 \n * IBM WebSphere ILOG JRules 7.1.1 \n * IBM WebSphere MQ 7.0 \n * IBM WebSphere MQ 7.0.0 2 \n * IBM WebSphere MQ 7.0.0.1 \n * IBM WebSphere MQ 7.0.1 7 \n * IBM WebSphere MQ 7.0.1.1 \n * IBM WebSphere MQ 7.0.1.2 \n * IBM WebSphere MQ 7.0.1.3 \n * IBM WebSphere MQ 7.0.1.4 \n * IBM WebSphere MQ 7.0.1.5 \n * IBM WebSphere MQ 7.0.1.6 \n * IBM WebSphere MQ 7.0.1.8 \n * IBM WebSphere MQ 7.0.1.9 \n * IBM WebSphere MQ 7.1 \n * IBM WebSphere MQ 7.1.0.1 \n * IBM WebSphere MQ 7.1.0.2 \n * IBM WebSphere MQ 7.5 \n * IBM WebSphere MQ 7.5.0.1 \n * IBM WebSphere Message Broker 6.1.0.11 \n * IBM WebSphere Message Broker 7.0.0.5 \n * IBM WebSphere Message Broker 8.0.0.2 \n * IBM WebSphere Operational Decision Management 7.5.0.0 \n * IBM WebSphere Operational Decision Management 8.0.1 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Mandriva Enterprise Server 5 \n * Mandriva Enterprise Server 5 X86 64 \n * McAfee ePO-MVT 1.0.7 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.5.0_36 \n * Oracle JDK (Linux Production Release) 1.5.0_38 \n * Oracle JDK (Linux Production Release) 1.5.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0_22 \n * Oracle JDK (Linux Production Release) 1.6.0_23 \n * Oracle JDK (Linux Production Release) 1.6.0_24 \n * Oracle JDK (Linux Production Release) 1.6.0_25 \n * Oracle JDK (Linux Production Release) 1.6.0_26 \n * Oracle JDK (Linux Production Release) 1.6.0_27 \n * Oracle JDK (Linux Production Release) 1.6.0_28 \n * Oracle JDK (Linux Production Release) 1.6.0_30 \n * Oracle JDK (Linux Production Release) 1.6.0_32 \n * Oracle JDK (Linux Production Release) 1.6.0_34 \n * Oracle JDK (Linux Production Release) 1.6.0_35 \n * Oracle JDK (Linux Production Release) 1.6.0_38 \n * Oracle JDK (Linux Production Release) 1.6.0_39 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.5.0_36 \n * Oracle JDK (Solaris Production Release) 1.5.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_22 \n * Oracle JDK (Solaris Production Release) 1.6.0_23 \n * Oracle JDK (Solaris Production Release) 1.6.0_24 \n * Oracle JDK (Solaris Production Release) 1.6.0_25 \n * Oracle JDK (Solaris Production Release) 1.6.0_26 \n * Oracle JDK (Solaris Production Release) 1.6.0_27 \n * Oracle JDK (Solaris Production Release) 1.6.0_28 \n * Oracle JDK (Solaris Production Release) 1.6.0_30 \n * Oracle JDK (Solaris Production Release) 1.6.0_32 \n * Oracle JDK (Solaris Production Release) 1.6.0_34 \n * Oracle JDK (Solaris Production Release) 1.6.0_35 \n * Oracle JDK (Solaris Production Release) 1.6.0_37 \n * Oracle JDK (Solaris Production Release) 1.6.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_39 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_13 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.5.0_36 \n * Oracle JDK (Windows Production Release) 1.5.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_22 \n * Oracle JDK (Windows Production Release) 1.6.0_23 \n * Oracle JDK (Windows Production Release) 1.6.0_24 \n * Oracle JDK (Windows Production Release) 1.6.0_25 \n * Oracle JDK (Windows Production Release) 1.6.0_26 \n * Oracle JDK (Windows Production Release) 1.6.0_27 \n * Oracle JDK (Windows Production Release) 1.6.0_28 \n * Oracle JDK (Windows Production Release) 1.6.0_30 \n * Oracle JDK (Windows Production Release) 1.6.0_32 \n * Oracle JDK (Windows Production Release) 1.6.0_35 \n * Oracle JDK (Windows Production Release) 1.6.0_37 \n * Oracle JDK (Windows Production Release) 1.6.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_39 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK (Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK(Linux Production Release) 1.5.0_40 \n * Oracle JDK(Linux Production Release) 1.6.0_37 \n * Oracle JDK(Linux Production Release) 1.6.0_40 \n * Oracle JDK(Linux Production Release) 1.6.0_41 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_13 \n * Oracle JDK(Linux Production Release) 1.7.0_14 \n * Oracle JDK(Linux Production Release) 1.7.0_15 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.5.0_39 \n * Oracle JDK(Solaris Production Release) 1.5.0_40 \n * Oracle JDK(Solaris Production Release) 1.6.0_39 \n * Oracle JDK(Solaris Production Release) 1.6.0_40 \n * Oracle JDK(Solaris Production Release) 1.6.0_41 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_14 \n * Oracle JDK(Solaris Production Release) 1.7.0_15 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.5.0_39 \n * Oracle JDK(Windows Production Release) 1.5.0_40 \n * Oracle JDK(Windows Production Release) 1.6.0_39 \n * Oracle JDK(Windows Production Release) 1.6.0_40 \n * Oracle JDK(Windows Production Release) 1.6.0_41 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_14 \n * Oracle JDK(Windows Production Release) 1.7.0_15 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JRE (Linux Production Release) 1.5.0_36 \n * Oracle JRE (Linux Production Release) 1.5.0_38 \n * Oracle JRE (Linux Production Release) 1.5.0_39 \n * Oracle JRE (Linux Production Release) 1.6.0_22 \n * Oracle JRE (Linux Production Release) 1.6.0_23 \n * Oracle JRE (Linux Production Release) 1.6.0_24 \n * Oracle JRE (Linux Production Release) 1.6.0_25 \n * Oracle JRE (Linux Production Release) 1.6.0_26 \n * Oracle JRE (Linux Production Release) 1.6.0_27 \n * Oracle JRE (Linux Production Release) 1.6.0_28 \n * Oracle JRE (Linux Production Release) 1.6.0_30 \n * Oracle JRE (Linux Production Release) 1.6.0_32 \n * Oracle JRE (Linux Production Release) 1.6.0_35 \n * Oracle JRE (Linux Production Release) 1.6.0_39 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.5.0_36 \n * Oracle JRE (Solaris Production Release) 1.5.0_38 \n * Oracle JRE (Solaris Production Release) 1.6.0_22 \n * Oracle JRE (Solaris Production Release) 1.6.0_23 \n * Oracle JRE (Solaris Production Release) 1.6.0_24 \n * Oracle JRE (Solaris Production Release) 1.6.0_25 \n * Oracle JRE (Solaris Production Release) 1.6.0_26 \n * Oracle JRE (Solaris Production Release) 1.6.0_27 \n * Oracle JRE (Solaris Production Release) 1.6.0_28 \n * Oracle JRE (Solaris Production Release) 1.6.0_30 \n * Oracle JRE (Solaris Production Release) 1.6.0_32 \n * Oracle JRE (Solaris Production Release) 1.6.0_35 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.5.0_36 \n * Oracle JRE (Windows Production Release) 1.5.0_38 \n * Oracle JRE (Windows Production Release) 1.6.0_22 \n * Oracle JRE (Windows Production Release) 1.6.0_23 \n * Oracle JRE (Windows Production Release) 1.6.0_24 \n * Oracle JRE (Windows Production Release) 1.6.0_25 \n * Oracle JRE (Windows Production Release) 1.6.0_26 \n * Oracle JRE (Windows Production Release) 1.6.0_27 \n * Oracle JRE (Windows Production Release) 1.6.0_28 \n * Oracle JRE (Windows Production Release) 1.6.0_30 \n * Oracle JRE (Windows Production Release) 1.6.0_32 \n * Oracle JRE (Windows Production Release) 1.6.0_35 \n * Oracle JRE (Windows Production Release) 1.6.0_38 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE(Linux Production Release) 1.5.0_40 \n * Oracle JRE(Linux Production Release) 1.6.0_38 \n * Oracle JRE(Linux Production Release) 1.6.0_40 \n * Oracle JRE(Linux Production Release) 1.6.0_41 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_13 \n * Oracle JRE(Linux Production Release) 1.7.0_14 \n * Oracle JRE(Linux Production Release) 1.7.0_15 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.5.0_39 \n * Oracle JRE(Solaris Production Release) 1.5.0_40 \n * Oracle JRE(Solaris Production Release) 1.6.0_38 \n * Oracle JRE(Solaris Production Release) 1.6.0_39 \n * Oracle JRE(Solaris Production Release) 1.6.0_40 \n * Oracle JRE(Solaris Production Release) 1.6.0_41 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_12 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_14 \n * Oracle JRE(Solaris Production Release) 1.7.0_15 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.5.0_39 \n * Oracle JRE(Windows Production Release) 1.5.0_40 \n * Oracle JRE(Windows Production Release) 1.6.0_38 \n * Oracle JRE(Windows Production Release) 1.6.0_39 \n * Oracle JRE(Windows Production Release) 1.6.0_40 \n * Oracle JRE(Windows Production Release) 1.6.0_41 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_14 \n * Oracle JRE(Windows Production Release) 1.7.0_15 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Optional 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Optional 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server Optional 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Optional 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * Redhat Network Satellite (for RHEL 5) 5.5 \n * Redhat Network Satellite (for RHEL 6) 5.5 \n * Schneider-Electric Trio TView Software 3.27.0 \n * SuSE Linux Enterprise Software Development Kit 11 SP2 \n * SuSE SUSE Linux Enterprise 10 SP4 \n * SuSE SUSE Linux Enterprise Java 10 SP4 \n * SuSE SUSE Linux Enterprise Java 11 SP2 \n * SuSE SUSE Linux Enterprise Server 11 SP2 \n * SuSE SUSE Linux Enterprise Server for VMware 11 SP2 \n * SuSE Suse Linux Enterprise Desktop 10 SP4 \n * SuSE Suse Linux Enterprise Desktop 11 SP2 \n * SuSE openSUSE 12.1 \n * Ubuntu Ubuntu Linux 10.04 ARM \n * Ubuntu Ubuntu Linux 10.04 Amd64 \n * Ubuntu Ubuntu Linux 10.04 I386 \n * Ubuntu Ubuntu Linux 10.04 Powerpc \n * Ubuntu Ubuntu Linux 10.04 Sparc \n * Ubuntu Ubuntu Linux 11.10 amd64 \n * Ubuntu Ubuntu Linux 11.10 i386 \n * Ubuntu Ubuntu Linux 12.04 LTS amd64 \n * Ubuntu Ubuntu Linux 12.04 LTS i386 \n * Ubuntu Ubuntu Linux 12.10 amd64 \n * Ubuntu Ubuntu Linux 12.10 i386 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nDisabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information. The payloads delivered by the exploit kits are detected by Symantec as 'Trojan.Zbot' and 'Trojan.Horse'.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2013-02-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "symantec", "title": "Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "Hitachi Cosminexus Application Server", "version": "05-05-/C (HP-UX) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Developer Light", "version": "6.7 ", "operator": "eq"}, {"name": "IBM Tivoli Business Service Manager", "version": "6.1 ", "operator": "eq"}, {"name": "IBM Maximo Asset Management Essentials", "version": "7.1 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Enterprise", "version": "06-50-/F (HP-UX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-05-/D (AIX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-00-/L (AIX) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "06-70-/B(Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Light", "version": "09-00 (Linux) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-51-/D (Linux) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-50-/I (AIX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Professional", "version": "06-00-/E (Windows) ", "operator": "eq"}, {"name": "Avaya Voice Portal", "version": "5.1 ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Smart Edition", "version": "08-70 (Windows) ", "operator": "eq"}, {"name": "Apple Mac OS X Server", "version": "10.0.1 ", "operator": "eq"}, {"name": "Avaya Aura Messaging", "version": "6.1 ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "06-70-/E (Solaris) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Operator", "version": "07-20-01 (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-02-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Professional", "version": "06-51-/L (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Express", "version": "09-00 (Windows) ", "operator": "eq"}, {"name": "Mandriva Business Server", "version": "1 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-05-/H (AIX) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Client", "version": "07-10-01 (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Light", "version": "06-02-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-50-/C (Solaris) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Developer Standard", "version": "06-71-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Standard", "version": "06-00-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Client", "version": "06-71 (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Developer Light", "version": "06-70-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Enterprise", "version": "06-70-/A Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "08-53 (Linux) ", "operator": "eq"}, {"name": "IBM WebSphere MQ", "version": "7.0.0 2 ", "operator": "eq"}, {"name": "Hitachi uCosminexus Service Platform", "version": "07-00 (Linux) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "06-70-/H (HP-UX(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-51-/B (Windows) ", "operator": "eq"}, {"name": "Avaya Messaging Storage Server", "version": "5.2.13 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-00-/J (AIX) ", "operator": "eq"}, {"name": "Avaya Aura SIP Enablement Services", "version": "5.2 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Professional", "version": "06-51-/H (Windows) ", "operator": "eq"}, {"name": "Avaya Aura System Manager", "version": "6.1 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-50-/B (Solaris) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-50-/E(*1) (HP-UX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Light", "version": "06-51-/E (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Service Architect", "version": "07-20 (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Service Platform", "version": "09-00 Windows (x64) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-50-/B (Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Enterprise", "version": "06-02-/C (Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Client", "version": "06-50 (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Developer Light", "version": "06-71-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-00-/A (AIX) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Developer Light", "version": "06-71-/F (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Enterprise", "version": "06-71-/C (Linux) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Operator", "version": "07-50 (Windows) ", "operator": "eq"}, {"name": "Avaya Aura Session Manager", "version": "5.2.1 ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Express", "version": "08-50 (Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "06-70-/B (HP-UX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer", "version": "05-01-/E (Windows) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Client", "version": "06-70-/F (Windows) ", "operator": "eq"}, {"name": "IBM Rational Functional Tester", "version": "8.5.0.1 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-05-/O (AIX) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Enterprise", "version": "06-70-/B (HP-UX(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-01-/G (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-05 (Linux) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "06-71-/H (Linux) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Client", "version": "06-02 (Windows) ", "operator": "eq"}, {"name": "Avaya Message Networking", "version": "5.2.1 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-00 (HP-UX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-00-/B (AIX) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Professional", "version": "06-02-/D (Windows) ", "operator": "eq"}, {"name": "Avaya Aura Communication Manager", "version": "6.2 ", "operator": "eq"}, {"name": "Avaya Aura Experience Portal", "version": "6.0.2 ", "operator": "eq"}, {"name": "Avaya Aura Communication Manager", "version": "6.0 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Standard", "version": "06-51-/A (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Enterprise", "version": "06-02-/F (Linux) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-02 (Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Light", "version": "06-02 (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-50-/C(*1) (HP-UX(IPF)) ", "operator": "eq"}, {"name": "Ubuntu Ubuntu Linux", "version": "10.04 ARM ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server", "version": "05-00 (AIX) ", "operator": "eq"}, {"name": "Avaya Aura Messaging", "version": "6.0.1 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Enterprise", "version": "06-00 (HP-UX(IPF)) ", "operator": "eq"}, {"name": "Hitachi uCosminexus Application Server Standard", "version": "06-70-/G (HP-UX(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Developer Professional", "version": "06-00-/D (Windows) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Primary Server Base", "version": "6.0.0 ", "operator": "eq"}, {"name": "Hitachi Cosminexus Application Server Standard", "version": "06-02-/D (Linux(IPF)) ", "operator": "eq"}, {"name": "Hitachi Cosminexus Dev