ID REDHAT-RHSA-2013-0624.NASL Type nessus Reporter Tenable Modified 2017-01-05T00:00:00
Description
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)
All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:0624. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
  # Registration pass: when `description` is set the script only declares its
  # metadata and then exits (see exit(0) at the end of this block); none of
  # the host checks further down run in this pass.
  script_id(65202);
  script_version("$Revision: 1.26 $");
  script_cvs_date("$Date: 2017/01/05 16:17:31 $");

  # Identifiers used to correlate this finding with other feeds.
  # Note: script_cve_id() carries 22 CVEs; CVE-2012-5085 is listed here and in
  # the see_also links but is not named in the advisory text quoted below.
  script_cve_id("CVE-2012-5085", "CVE-2013-0409", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0440", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1493");
  script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);
  script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);
  script_xref(name:"RHSA", value:"2013:0624");

  script_name(english:"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates.");

  # The advisory text is a multi-line string literal; its lines must stay at
  # column 0 because any leading whitespace would become part of the value.
  script_set_attribute(attribute:"description", value:
"Updated java-1.5.0-ibm packages that fix several security issues are
now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having
critical security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2013-0409, CVE-2013-0424,
CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,
CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,
CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,
CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)
All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16 release. All running
instances of IBM Java must be restarted for this update to take
effect."
  );

  # Reference links: one per CVE, then the IBM alerts page and the erratum.
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2012-5085.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0409.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0424.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0425.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0426.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0427.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0428.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0432.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0433.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0434.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0440.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0442.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0443.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0445.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0450.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-0809.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1476.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1478.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1480.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1481.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1486.html");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2013-1493.html");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/developerworks/java/jdk/alerts/");
  script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2013-0624.html");

  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # complete impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: functional exploit (E:F), official fix (RL:OF),
  # report confidence not defined (RC:ND).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");

  # Exploit-maturity flags. They do not change what the check tests; they are
  # metadata a consumer can use to prioritise remediation of this finding.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Java CMM Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  # "local" plugin: the result is derived from host data in the knowledge base
  # (see script_require_keys below), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected packages, then the operating system releases, as CPE names.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");

  # The plugin was published one day after the vendor patch.
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  # Runs after ssh_get_info.nasl and needs these four KB keys, which the
  # check code reads back with get_kb_item().
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Host gating. Each failed precondition calls audit(); the statements after a
# guard use values the guard has just validated, so audit() is presumably
# expected to end the script (it is defined in audit.inc, not shown here).

# 1. Local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 2. The host must identify itself as Red Hat.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release)
{
  audit(AUDIT_OS_NOT, "Red Hat");
}

# 3. Pull "major" or "major.minor" out of the release string.
ver_match = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(ver_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
}
os_ver = ver_match[1];

# 4. Only 5.9 and 6 / 6.x get past this point. Any other RHEL 5 minor release
#    audits out here, so its packages are never compared by this plugin.
if (! ereg(pattern:"^(5\.9|6)([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Red Hat 5.9 / 6.x", "Red Hat " + os_ver);
}

# 5. An installed-package list must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# 6. The architecture must be known and be x86_64, i386..i686, or contain
#    "s390" (a substring test, so it accepts both s390 and s390x).
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "s390" >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
}
# Detection. Two mutually exclusive paths, chosen by whether the KB item
# Host/RedHat/yum-updateinfo is populated:
#   - empty/absent : compare installed RPMs against the fixed builds;
#   - populated    : rely only on the yum updateinfo report for this advisory.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (empty_or_null(yum_updateinfo))
{
  # Count of rpm_check() calls that returned true.
  # presumably true means "installed and older than `reference`" - confirm in rpm.inc
  hits = 0;

  # RHEL 5: checks are pinned to sp:"9"; fixed build is 1.5.0.16.0-1jpp.1.el5_9.
  # Calls without cpu: are not restricted to one architecture.
  if (rpm_check(release:"RHEL5", sp:"9", reference:"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", reference:"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", reference:"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9")) hits++;
  if (rpm_check(release:"RHEL5", sp:"9", reference:"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9")) hits++;

  # RHEL 6: no sp: argument; fixed build is 1.5.0.16.0-1jpp.1.el6_4.
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", reference:"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"s390", reference:"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4")) hits++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4")) hits++;

  if (!hits)
  {
    # Nothing flagged: distinguish "packages examined but not affected" from
    # "none of the packages could be tested", based on pkg_tests_get().
    checked_pkgs = pkg_tests_get();
    if (checked_pkgs) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc");
  }
  else
  {
    # At least one package flagged: report with the rpm comparison output
    # plus the Red Hat package caveat text.
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get() + redhat_report_package_caveat());
    exit(0);
  }
}
else
{
  rhsa = "RHSA-2013:0624";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (empty_or_null(yum_report))
  {
    # An empty report audits the host out; the rpm comparisons in the other
    # branch are never consulted on this path.
    # NOTE(review): the outcome here presumably depends on the host's yum
    # metadata covering this advisory - confirm before treating a "not
    # affected" result from this path as authoritative.
    audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa);
  }
  else
  {
    security_report_v4(port:0, severity:SECURITY_HOLE, extra:yum_report);
    exit(0);
  }
}
{"hash": "3dfb518785dde758155402abc37808e5305edfd71e2ae14f2ae07b4bbd1bc5c4", "naslFamily": "Red Hat Local Security Checks", "id": "REDHAT-RHSA-2013-0624.NASL", "lastseen": "2017-10-29T13:45:07", "viewCount": 3, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "e77f4eb77ddf6fdb958d5d9b212aa1e3", "key": "cpe"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ba9badc8d3bde2aba2b6f0f12c5999d7", "key": "sourceData"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 3, "enchantments": {"vulnersScore": 7.5}, "type": 
"nessus", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. 
All running instances of IBM Java must be restarted for this update to take effect.", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "history": [{"bulletin": {"hash": "52916251740815140f0a3e5604ecab10250abf5091643be2944e489efa1dae59", "naslFamily": "Red Hat Local Security Checks", "edition": 2, "lastseen": "2017-01-06T02:17:07", "enchantments": {}, "hashmap": [{"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "ba9badc8d3bde2aba2b6f0f12c5999d7", "key": "sourceData"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "REDHAT-RHSA-2013-0624.NASL", "type": "nessus", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "viewCount": 3, "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"$Revision: 1.26 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", 
reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "published": "2013-03-12T00:00:00", "pluginID": "65202", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "modified": "2017-01-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202"}, "lastseen": "2017-01-06T02:17:07", "edition": 2, "differentElements": ["cpe"]}, {"bulletin": {"hash": "1bb8c8af90a9e75e94ca70aa36240199d78e05d89b5083c7ea5e104897e03a57", "naslFamily": "Red Hat Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:26:32", "viewCount": 0, "hashmap": [{"hash": "d4d064cfe0e4042b38911306aeefc42e", "key": "modified"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "922395c95dde7655f146baeaf307ddb9", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "964e8d3cf0b83db12176742a7c515e2d", "key": "pluginID"}, {"hash": "32b73c3f5bbe2b383186efb6bf4d6f74", "key": "published"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d0a2f6ca281377808ca9d03f92d80860", "key": "cvelist"}, {"hash": "7b6310b09db5b0f368dd6b897e4e96e5", "key": "description"}, {"hash": "74b2fc7ddde9207559e904b9278d3f5d", "key": "title"}, {"hash": "87946fa4e3b0ffd2a5b965605169bfaa", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "3d809e7e4beb5755d437261942a8793c", "key": "references"}], "bulletinFamily": "exploit", "history": [], "id": "REDHAT-RHSA-2013-0624.NASL", "type": "nessus", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16 release. All running instances of IBM Java must be restarted for this update to take effect.", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", "CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"$Revision: 1.25 $\");\n script_cvs_date(\"$Date: 2016/05/13 15:25:21 $\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / 
java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n}\n", "published": "2013-03-12T00:00:00", "pluginID": "65202", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", "https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "modified": "2016-05-13T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202"}, "lastseen": "2016-09-26T17:26:32", "edition": 1, "differentElements": ["modified", "sourceData"]}], "objectVersion": "1.3", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0809", 
"CVE-2013-0442", "CVE-2012-5085", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1493", "CVE-2013-0425"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0624. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65202);\n script_version(\"$Revision: 1.26 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:17:31 $\");\n\n script_cve_id(\"CVE-2012-5085\", \"CVE-2013-0409\", \"CVE-2013-0424\", \"CVE-2013-0425\", \"CVE-2013-0426\", \"CVE-2013-0427\", \"CVE-2013-0428\", \"CVE-2013-0432\", \"CVE-2013-0433\", \"CVE-2013-0434\", \"CVE-2013-0440\", \"CVE-2013-0442\", \"CVE-2013-0443\", \"CVE-2013-0445\", \"CVE-2013-0450\", \"CVE-2013-0809\", \"CVE-2013-1476\", \"CVE-2013-1478\", \"CVE-2013-1480\", \"CVE-2013-1481\", \"CVE-2013-1486\", \"CVE-2013-1493\");\n script_bugtraq_id(57686, 57687, 57689, 57691, 57696, 57702, 57703, 57709, 57711, 57712, 57713, 57715, 57718, 57719, 57724, 57727, 57728, 57730, 58029, 58238, 58296);\n script_osvdb_id(89758, 89759, 89760, 89763, 89767, 89769, 89771, 89772, 89774, 89792, 89796, 89797, 89798, 89800, 89801, 89802, 89804, 89806, 90353, 90737, 90837);\n script_xref(name:\"RHSA\", value:\"2013:0624\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 
Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440,\nCVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450,\nCVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480,\nCVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. 
All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-5085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0424.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0425.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0426.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0427.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0428.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0442.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0450.html\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1476.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1480.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1481.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1486.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1493.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ibm.com/developerworks/java/jdk/alerts/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0624.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java CMM Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = 
get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0624\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", 
reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "published": "2013-03-12T00:00:00", "pluginID": "65202", "references": ["https://www.ibm.com/developerworks/java/jdk/alerts/", "https://www.redhat.com/security/data/cve/CVE-2013-0433.html", "https://www.redhat.com/security/data/cve/CVE-2013-0445.html", "https://www.redhat.com/security/data/cve/CVE-2013-1476.html", "https://www.redhat.com/security/data/cve/CVE-2013-0424.html", "http://rhn.redhat.com/errata/RHSA-2013-0624.html", "https://www.redhat.com/security/data/cve/CVE-2013-0427.html", "https://www.redhat.com/security/data/cve/CVE-2013-0443.html", "https://www.redhat.com/security/data/cve/CVE-2013-1481.html", "https://www.redhat.com/security/data/cve/CVE-2013-1478.html", "https://www.redhat.com/security/data/cve/CVE-2013-1486.html", "https://www.redhat.com/security/data/cve/CVE-2013-0809.html", "https://www.redhat.com/security/data/cve/CVE-2013-0432.html", "https://www.redhat.com/security/data/cve/CVE-2013-0428.html", "https://www.redhat.com/security/data/cve/CVE-2013-1493.html", "https://www.redhat.com/security/data/cve/CVE-2013-0434.html", 
"https://www.redhat.com/security/data/cve/CVE-2013-0409.html", "https://www.redhat.com/security/data/cve/CVE-2013-0426.html", "https://www.redhat.com/security/data/cve/CVE-2013-0450.html", "https://www.redhat.com/security/data/cve/CVE-2012-5085.html", "https://www.redhat.com/security/data/cve/CVE-2013-0440.html", "https://www.redhat.com/security/data/cve/CVE-2013-0442.html", "https://www.redhat.com/security/data/cve/CVE-2013-1480.html", "https://www.redhat.com/security/data/cve/CVE-2013-0425.html"], "reporter": "Tenable", "modified": "2017-01-05T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65202"}
{"result": {"cve": [{"id": "CVE-2013-0426", "type": "cve", "title": "CVE-2013-0426", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions.", "published": "2013-02-01T19:55:01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0426", "cvelist": ["CVE-2013-0426"], "lastseen": "2017-09-19T13:38:34"}, {"id": "CVE-2013-0427", "type": "cve", "title": "CVE-2013-0427", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.", "published": "2013-02-01T19:55:01", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0427", "cvelist": ["CVE-2013-0427"], "lastseen": "2017-09-19T13:38:34"}, {"id": "CVE-2013-1478", "type": "cve", "title": "CVE-2013-1478", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient validation of raster parameters\" that can trigger an integer overflow and memory corruption.", "published": "2013-02-01T19:55:02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1478", "cvelist": ["CVE-2013-1478"], "lastseen": "2017-09-19T13:38:40"}, {"id": "CVE-2013-0428", "type": "cve", "title": "CVE-2013-0428", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to \"incorrect checks for proxy classes\" in the Reflection API.", "published": "2013-02-01T19:55:01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0428", "cvelist": ["CVE-2013-0428"], "lastseen": "2017-09-19T13:38:34"}, {"id": "CVE-2013-0809", "type": "cve", "title": "CVE-2013-0809", "description": "Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.", "published": "2013-03-05T17:06:33", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0809", "cvelist": ["CVE-2013-0809"], "lastseen": "2017-09-19T13:38:37"}, {"id": "CVE-2013-0442", "type": "cve", "title": "CVE-2013-0442", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to an improper check of \"privileges of the code\" that bypasses the sandbox.", "published": "2013-02-01T19:55:02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0442", "cvelist": ["CVE-2013-0442"], "lastseen": "2017-09-19T13:38:34"}, {"id": "CVE-2012-5085", "type": "cve", "title": "CVE-2012-5085", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.", "published": "2012-10-16T17:55:02", "cvss": {"score": 0.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5085", "cvelist": ["CVE-2012-5085"], "lastseen": "2017-11-30T12:08:06"}, {"id": "CVE-2013-0434", "type": "cve", "title": "CVE-2013-0434", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.", "published": "2013-02-01T19:55:01", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0434", "cvelist": ["CVE-2013-0434"], "lastseen": "2017-09-19T13:38:34"}, {"id": "CVE-2013-0443", "type": "cve", "title": "CVE-2013-0443", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a \"small subgroup attack\" to force the use of weak session keys or obtain sensitive information about the private key.", "published": "2013-02-01T19:55:02", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0443", "cvelist": ["CVE-2013-0443"], "lastseen": "2017-09-19T13:38:34"}, {"id": "CVE-2013-0433", "type": "cve", "title": "CVE-2013-0433", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.", "published": "2013-02-01T19:55:01", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0433", "cvelist": ["CVE-2013-0433"], "lastseen": "2017-09-19T13:38:34"}], "suse": [{"id": "SUSE-SU-2013:0440-3", "type": "suse", "title": "Security update for Java (important)", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n", "published": "2013-03-14T23:04:46", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00022.html", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2016-09-04T11:29:41"}, {"id": "SUSE-SU-2013:0440-2", "type": "suse", "title": "Security update for Java (important)", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for 
more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n", "published": "2013-03-13T18:04:30", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00016.html", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2016-09-04T12:36:29"}, {"id": "SUSE-SU-2013:0478-1", "type": "suse", "title": "Security update for IBM Java2 JRE and SDK (important)", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes\n various critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1478, CVE-2013-1480, CVE-2013-1476, CVE-2013-0442,\n CVE-2013-0425, CVE-2013-0426, CVE-2013-0428,\n CVE-2013-1481, CVE-2013-0432, CVE-2013-0434,\n CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "published": "2013-03-18T22:04:28", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": 
"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2016-09-04T11:51:43"}, {"id": "SUSE-SU-2013:0440-4", "type": "suse", "title": "Security update for Java (important)", "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "published": "2013-03-15T20:04:28", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00030.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2016-09-04T11:50:34"}, {"id": "SUSE-SU-2013:0315-1", "type": "suse", "title": "Security update for Java 1.6.0 (important)", "description": "java-1_6_0-openjdk based on Icedtea6-1.12.2 was released,\n fixing various security issues:\n\n New 
in release 1.12.2 (2012-02-03):\n\n *\n\n Security fixes\n\n o S6563318, CVE-2013-0424: RMI data sanitization\n o S6664509, CVE-2013-0425: Add logging context o S6664528,\n CVE-2013-0426: Find log level matching its name or value\n given at construction time o S6776941: CVE-2013-0427:\n Improve thread pool shutdown o S7141694, CVE-2013-0429:\n Improving CORBA internals o S7173145: Improve in-memory\n representation of splashscreens o S7186945: Unpack200\n improvement o S7186946: Refine unpacker resource usage o\n S7186948: Improve Swing data validation o S7186952,\n CVE-2013-0432: Improve clipboard access o S7186954: Improve\n connection performance o S7186957: Improve Pack200 data\n validation o S7192392, CVE-2013-0443: Better validation of\n client keys o S7192393, CVE-2013-0440: Better Checking of\n order of TLS Messages o S7192977, CVE-2013-0442: Issue in\n toolkit thread o S7197546, CVE-2013-0428: (proxy) Reflect\n about creating reflective proxies o S7200491: Tighten up\n JTable layout code o S7200500: Launcher better input\n validation o S7201064: Better dialogue checking o S7201066,\n CVE-2013-0441: Change modifiers on unused fields o\n S7201068, CVE-2013-0435: Better handling of UI elements o\n S7201070: Serialization to conform to protocol o S7201071,\n CVE-2013-0433: InetSocketAddress serialization issue o\n S8000210: Improve JarFile code quality o S8000537,\n CVE-2013-0450: Contextualize RequiredModelMBean class o\n S8000540, CVE-2013-1475: Improve IIOP type reuse management\n o S8000631, CVE-2013-1476: Restrict access to class\n constructor o S8001235, CVE-2013-0434: Improve JAXP HTTP\n handling o S8001242: Improve RMI HTTP conformance o\n S8001307: Modify ACC_SUPER behavior o S8001972,\n CVE-2013-1478: Improve image processing o S8002325,\n CVE-2013-1480: Improve management of images\n *\n\n Backports\n\n o S7010849: 5/5 Extraneous javac source/target\n options when building sa-jdi o S8004341: Two JCK tests\n fails with 7u11 b06 o S8005615: Java 
Logger fails to load\n tomcat logger implementation (JULI)\n *\n\n Bug fixes\n\n o PR1297: cacao and jamvm parallel unpack\n failures o PR1301: PR1171 causes builds of Zero to fail\n\n", "published": "2013-02-20T16:04:20", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00015.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T11:23:06"}, {"id": "SUSE-SU-2013:0440-6", "type": "suse", "title": "Security update for Java (important)", "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "published": "2013-03-18T21:04:29", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00033.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", 
"CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2016-09-04T11:45:49"}, {"id": "OPENSUSE-SU-2013:0308-1", "type": "suse", "title": "java-1_6_0-openjdk to 1.12.2 (important)", "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix\n bugs and security issues (bnc#801972)\n\n * Security fixes (on top of 1.12.0)\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access 
to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n", "published": "2013-02-19T11:04:35", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00013.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T11:41:29"}, {"id": "OPENSUSE-SU-2013:0312-1", "type": "suse", "title": "java-1_6_0-openjdk to 1.12.1 (important)", "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.1 to fix\n bugs and security issues (bnc#801972)\n\n * Security fixes (on top of 1.12.0)\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on 
unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n", "published": "2013-02-19T15:04:26", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T11:57:01"}, {"id": "OPENSUSE-SU-2013:0377-1", "type": "suse", "title": "java-1_7_0-openjdk: update to 2.3.6 (critical)", "description": "java-1_7_0-openjdk was updated to icedtea-2.3.6\n (bnc#803379) containing various security and bugfixes:\n\n * Security fixes\n - S6563318, CVE-2013-0424: RMI data sanitization\n - S6664509, CVE-2013-0425: Add logging context\n - S6664528, CVE-2013-0426: Find log level matching its\n name or value given at construction time\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n - S7141694, CVE-2013-0429: Improving CORBA internals\n - S7173145: Improve in-memory representation of\n splashscreens\n - S7186945: Unpack200 improvement\n - S7186946: Refine unpacker resource usage\n - S7186948: Improve Swing data validation\n - S7186952, CVE-2013-0432: Improve clipboard access\n - S7186954: Improve connection performance\n - S7186957: Improve Pack200 data validation\n - S7192392, CVE-2013-0443: Better 
validation of client\n keys\n - S7192393, CVE-2013-0440: Better Checking of order of\n TLS Messages\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating\n reflective proxies\n - S7200491: Tighten up JTable layout code\n - S7200493, CVE-2013-0444: Improve cache handling\n - S7200499: Better data validation for options\n - S7200500: Launcher better input validation\n - S7201064: Better dialogue checking\n - S7201066, CVE-2013-0441: Change modifiers on unused\n fields\n - S7201068, CVE-2013-0435: Better handling of UI elements\n - S7201070: Serialization to conform to protocol\n - S7201071, CVE-2013-0433: InetSocketAddress\n serialization issue\n - S8000210: Improve JarFile code quality\n - S8000537, CVE-2013-0450: Contextualize\n RequiredModelMBean class\n - S8000539, CVE-2013-0431: Introspect JMX data handling\n - S8000540, CVE-2013-1475: Improve IIOP type reuse\n management\n - S8000631, CVE-2013-1476: Restrict access to class\n constructor\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n - S8001242: Improve RMI HTTP conformance\n - S8001307: Modify ACC_SUPER behavior\n - S8001972, CVE-2013-1478: Improve image processing\n - S8002325, CVE-2013-1480: Improve management of images\n * Backports\n - S7057320:\n test/java/util/concurrent/Executors/AutoShutdown.java\n failing intermittently\n - S7083664: TEST_BUG: test hard code of using c:/temp but\n this dir might not exist\n - S7107613: scalability blocker in\n javax.crypto.CryptoPermissions\n - S7107616: scalability blocker in\n javax.crypto.JceSecurityManager\n - S7146424: Wildcard expansion for single entry classpath\n - S7160609: [macosx] JDK crash in libjvm.dylib ( C\n [GeForceGLDriver+0x675a] gldAttachDrawable+0x941)\n - S7160951: [macosx] ActionListener called twice for\n JMenuItem using ScreenMenuBar\n - S7162488: VM not printing unknown -XX options\n - S7169395: Exception throws due to the changes in JDK 7\n object tranversal and break 
backward compatibility\n - S7175616: Port fix for TimeZone from JDK 8 to JDK 7\n - S7176485: (bf) Allow temporary buffer cache to grow to\n IOV_MAX\n - S7179908: Fork hs23.3 hsx from hs22.2 for jdk7u7 and\n reinitialize build number\n - S7184326: TEST_BUG:\n java/awt/Frame/7024749/bug7024749.java has a typo\n - S7185245: Licensee source bundle tries to compile JFR\n - S7185471: Avoid key expansion when AES cipher is\n re-init w/ the same key\n - S7186371: [macosx] Main menu shortcuts not displayed\n (7u6 regression)\n - S7187834: [macosx] Usage of private API in macosx 2d\n implementation causes Apple Store rejection\n - S7188114: (launcher) need an alternate command line\n parser for Windows\n - S7189136: Fork hs23.5 hsx from hs23.4 for jdk7u9 and\n reinitialize build number\n - S7189350: Fix failed for CR 7162144\n - S7190550: REGRESSION: Some closed/com/oracle/jfr/api\n tests fail to compile becuse of fix 7185245\n - S7193219: JComboBox serialization fails in JDK 1.7\n - S7193977: REGRESSION:Java 7's JavaBeans persistence\n ignoring the \"transient\" flag on properties\n - S7195106: REGRESSION : There is no way to get Icon inf,\n once Softreference is released\n - S7195301: XML Signature DOM implementation should not\n use instanceof to determine type of Node\n - S7195931: UnsatisfiedLinkError on\n PKCS11.C_GetOperationState while using NSS from jre7u6+\n - S7197071: Makefiles for various security providers\n aren't including the default manifest.\n - S7197652: Impossible to run any signed JNLP\n applications or applets, OCSP off by default\n - S7198146: Another new regression test does not compile\n on windows-amd64\n - S7198570: (tz) Support tzdata2012f\n - S7198640: new hotspot build - hs23.6-b04\n - S7199488: [TEST] runtime/7158800/InternTest.java failed\n due to false-positive on PID match.\n - S7199645: Increment build # of hs23.5 to b02\n - S7199669: Update tags in .hgtags file for CPU release\n rename\n - S7200720: crash in net.dll during NTLM 
authentication\n - S7200742: (se) Selector.select does not block when\n starting Coherence (sol11u1)\n - S7200762: [macosx] Stuck in\n sun.java2d.opengl.CGLGraphicsConfig.getMaxTextureSize(Native\n Method)\n - S8000285: Deadlock between PostEventQueue.noEvents,\n EventQueue.isDispatchThread and\n SwingUtilities.invokeLater\n - S8000286: [macosx] Views keep scrolling back to the\n drag position after DnD\n - S8000297: REGRESSION:\n closed/java/awt/EventQueue/PostEventOrderingTest.java\n fails\n - S8000307: Jre7cert: focusgained does not get called for\n all focus req when do alt + tab\n - S8000822: Fork hs23.7 hsx from hs23.6 for jdk7u11 and\n reinitialize build number\n - S8001124: jdk7u ProblemList.txt updates (10/2012)\n - S8001242: Improve RMI HTTP conformance\n - S8001808: Create a test for 8000327\n - S8001876: Create regtest for 8000283\n - S8002068: Build broken: corba code changes unable to\n use new JDK 7 classes\n - S8002091: tools/launcher/ToolsOpts.java test started to\n fail since 7u11 b01 on Windows\n - S8002114: fix failed for JDK-7160951: [macosx]\n ActionListener called twice for JMenuItem using\n ScreenMenuBar\n - S8002225: (tz) Support tzdata2012i\n - S8003402: (dc)\n test/java/nio/channels/DatagramChannel/SendToUnresovled.java\n failing after 7u11 cleanup issues\n - S8003403: Test ShortRSAKeyWithinTLS and\n ClientJSSEServerJSSE failing after 7u11 cleanup\n - S8003948: NTLM/Negotiate authentication problem\n - S8004175: Restricted packages added in java.security\n are missing in java.security-{macosx, solaris, windows}\n - S8004302: javax/xml/soap/Test7013971.java fails since\n jdk6u39b01\n - S8004341: Two JCK tests fails with 7u11 b06\n - S8005615: Java Logger fails to load tomcat logger\n implementation (JULI)\n * Bug fixes\n - Fix build using Zero's HotSpot so all patches apply\n again.\n - PR1295: jamvm parallel unpack failure\n * removed\n icedtea-2.3.2-fix-extract-jamvm-dependency.patch\n - removed\n 
icedtea-2.3.3-refresh-6924259-string_offset.patch\n\n - few missing /openjdk/%{origin}/ changes\n\n", "published": "2013-03-01T17:05:38", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T12:15:24"}, {"id": "SUSE-SU-2013:0440-5", "type": "suse", "title": "Security update for IBM Java5 JRE and SDK (important)", "description": "IBM Java 5 has been updated to SR16 which fixes various\n critical security issues and bugs.\n\n Please see the IBM JDK Alert page for more information:\n\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Security issues fixed:\n\n CVE-2013-1486, CVE-2013-1478, CVE-2013-0445, CVE-2013-1480,\n CVE-2013-1476, CVE-2013-0442, CVE-2013-0425,\n CVE-2013-0426, CVE-2013-0428, CVE-2013-1481,\n CVE-2013-0432, CVE-2013-0434, CVE-2013-0409, CVE-2013-0427,\n CVE-2013-0433, CVE-2013-0424, CVE-2013-0440, CVE-2013-0443.\n\n\n", "published": "2013-03-16T17:06:57", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00032.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", 
"CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2016-09-04T11:28:41"}], "nessus": [{"id": "SUSE_JAVA-1_4_2-IBM-8481.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Java (ZYPP Patch Number 8481)", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. (CVE-2013-1478 / CVE-2013-1480 / CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 / CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0424 / CVE-2013-0440)", "published": "2013-03-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65546", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2017-10-29T13:34:38"}, {"id": "SUSE_11_JAVA-1_4_2-IBM-130306.NASL", "type": "nessus", "title": "SuSE 11.2 Security Update : Java (SAT Patch Number 7450)", "description": "IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. 
(CVE-2013-1478 / CVE-2013-1480 / CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 / CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0424 / CVE-2013-0440)", "published": "2013-03-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65545", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2017-10-29T13:39:51"}, {"id": "REDHAT-RHSA-2013-0246.NASL", "type": "nessus", "title": "RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. 
A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. 
(CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-02-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64519", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:34:34"}, {"id": "CENTOS_RHSA-2013-0245.NASL", "type": "nessus", "title": "CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 
(CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. 
(CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64536", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:34:40"}, {"id": "SUSE_JAVA-1_5_0-IBM-8483.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Java (ZYPP Patch Number 8483)", "description": "IBM Java 5 has been updated to SR16 which fixes various critical security issues and bugs.\n\nPlease see the IBM JDK Alert page for more information :\n\nhttp://www.ibm.com/developerworks/java/jdk/alerts/\n\nSecurity issues fixed :\n\n - / CVE-2013-0443. 
(CVE-2013-1486 / CVE-2013-1478 / CVE-2013-0445 / CVE-2013-1480 / CVE-2013-1476 / CVE-2013-0442 / CVE-2013-0425 / CVE-2013-0426 / CVE-2013-0428 / CVE-2013-1481 / CVE-2013-0432 / CVE-2013-0434 / CVE-2013-0409 / CVE-2013-0427 / CVE-2013-0433 / CVE-2013-0424 / CVE-2013-0440)", "published": "2013-03-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65599", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-1486", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425"], "lastseen": "2017-10-29T13:35:40"}, {"id": "MANDRIVA_MDVSA-2013-010.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)", "description": "Multiple security issues were identified and fixed in OpenJDK (icedtea6) :\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating 
reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse management\n\n - S8000631, CVE-2013-1476: Restrict access to class constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7010849: 5/5 Extraneous javac source/target options when building sa-jdi\n\nThe updated packages provides icedtea6-1.11.6 which is not vulnerable to these issues.", "published": "2013-02-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64563", "cvelist": ["CVE-2013-0426", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:44:05"}, {"id": "REDHAT-RHSA-2013-0245.NASL", "type": "nessus", "title": "RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)", "description": "Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security 
impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. 
An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\nRefer to the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. 
All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-02-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64518", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:37:20"}, {"id": "SUSE_11_JAVA-1_6_0-OPENJDK-130212.NASL", "type": "nessus", "title": "SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)", "description": "java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues :\n\nNew in release 1.12.2 (2012-02-03) :\n\n - Security fixes\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: 
Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse management\n\n - S8000631, CVE-2013-1476: Restrict access to class constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling\n\n - S8001242: Improve RMI HTTP conformance\n\n - S8001307: Modify ACC_SUPER behavior\n\n - S8001972, CVE-2013-1478: Improve image processing\n\n - S8002325, CVE-2013-1480: Improve management of images\n\n - Backports\n\n - S7010849: 5/5 Extraneous javac source/target options when building sa-jdi\n\n - S8004341: Two JCK tests fails with 7u11 b06\n\n - S8005615: Java Logger fails to load tomcat logger implementation (JULI)\n\n - Bug fixes\n\n - PR1297: cacao and jamvm parallel unpack failures\n\n - PR1301: PR1171 causes builds of Zero to fail", "published": "2013-02-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64780", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:44:08"}, {"id": "SL_20130208_JAVA_1_6_0_OPENJDK_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64", "description": "Multiple improper permission check issues were discovered in 
the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n(CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. 
A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6.\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-02-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64522", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:34:10"}, {"id": "OPENSUSE-2013-131.NASL", "type": "nessus", "title": "openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0308-1)", "description": "OpenJDK (java-1_6_0-openjdk) was updated to 1.12.2 to fix bugs and security issues (bnc#801972)\n\n - Security fixes (on top of 1.12.0)\n\n - S6563318, CVE-2013-0424: RMI data sanitization\n\n - S6664509, CVE-2013-0425: Add logging context\n\n - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time\n\n - S6776941: CVE-2013-0427: Improve thread pool shutdown\n\n - S7141694, CVE-2013-0429: Improving CORBA internals\n\n - S7173145: Improve in-memory representation of 
splashscreens\n\n - S7186945: Unpack200 improvement\n\n - S7186946: Refine unpacker resource usage\n\n - S7186948: Improve Swing data validation\n\n - S7186952, CVE-2013-0432: Improve clipboard access\n\n - S7186954: Improve connection performance\n\n - S7186957: Improve Pack200 data validation\n\n - S7192392, CVE-2013-0443: Better validation of client keys\n\n - S7192393, CVE-2013-0440: Better Checking of order of TLS Messages\n\n - S7192977, CVE-2013-0442: Issue in toolkit thread\n\n - S7197546, CVE-2013-0428: (proxy) Reflect about creating reflective proxies\n\n - S7200491: Tighten up JTable layout code\n\n - S7200500: Launcher better input validation\n\n - S7201064: Better dialogue checking\n\n - S7201066, CVE-2013-0441: Change modifiers on unused fields\n\n - S7201068, CVE-2013-0435: Better handling of UI elements\n\n - S7201070: Serialization to conform to protocol\n\n - S7201071, CVE-2013-0433: InetSocketAddress serialization issue\n\n - S8000210: Improve JarFile code quality\n\n - S8000537, CVE-2013-0450: Contextualize RequiredModelMBean class\n\n - S8000540, CVE-2013-1475: Improve IIOP type reuse management\n\n - S8000631, CVE-2013-1476: Restrict access to class constructor\n\n - S8001235, CVE-2013-0434: Improve JAXP HTTP handling", "published": "2014-06-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74896", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-29T13:45:44"}], "openvas": [{"id": "OPENVAS:1361412562310865337", "type": "openvas", "title": "Fedora Update for java-1.7.0-openjdk FEDORA-2013-2209", "description": "Check for the Version of 
java-1.7.0-openjdk", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865337", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2012-4681", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-04-06T11:21:12"}, {"id": "OPENVAS:865341", "type": "openvas", "title": "Fedora Update for java-1.7.0-openjdk FEDORA-2013-2205", "description": "Check for the Version of java-1.7.0-openjdk", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=865341", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-02-06T13:09:54"}, {"id": "OPENVAS:881597", "type": "openvas", "title": "CentOS Update for java CESA-2013:0246 centos5 ", "description": "Check for the Version of java", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881597", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", 
"CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-02-05T11:11:35"}, {"id": "OPENVAS:870905", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0246-01", "description": "Check for the Version of java-1.6.0-openjdk", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870905", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-01-18T11:09:34"}, {"id": "OPENVAS:1361412562310123729", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0245", "description": "Oracle Linux Local Security Checks ELSA-2013-0245", "published": "2015-10-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123729", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-07-24T12:54:03"}, {"id": "OPENVAS:1361412562310123727", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0246", "description": "Oracle Linux Local Security Checks ELSA-2013-0246", "published": "2015-10-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123727", 
"cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-07-24T12:53:04"}, {"id": "OPENVAS:850401", "type": "openvas", "title": "SuSE Update for java-1_6_0-openjdk openSUSE-SU-2013:0312-1 (java-1_6_0-openjdk)", "description": "Check for the Version of java-1_6_0-openjdk", "published": "2013-03-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850401", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-01-23T13:10:00"}, {"id": "OPENVAS:850402", "type": "openvas", "title": "SuSE Update for java-1_6_0-openjdk openSUSE-SU-2013:0308-1 (java-1_6_0-openjdk)", "description": "Check for the Version of java-1_6_0-openjdk", "published": "2013-03-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850402", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-01-23T13:09:34"}, {"id": "OPENVAS:1361412562310850402", "type": "openvas", "title": "SuSE Update for java-1_6_0-openjdk openSUSE-SU-2013:0308-1 (java-1_6_0-openjdk)", 
"description": "Check for the Version of java-1_6_0-openjdk", "published": "2013-03-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850402", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1476", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2018-04-06T11:21:11"}, {"id": "OPENVAS:870906", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:0245-01", "description": "Check for the Version of java-1.6.0-openjdk", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870906", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-07-27T10:51:33"}], "oraclelinux": [{"id": "ELSA-2013-0245", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[1:1.6.0.0-1.54.1.11.6]\n- removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch\n- added patch8: 7201064.patch to be reverted\n- added patch9: 8005615.patch to fix the 6664509.patch\n- Resolves: rhbz#906707\n[1:1.6.0.0-1.53.1.11.6]\n- added patch8 revertTwoWrongSecurityPatches2013-02-06.patch\n to remove 6664509 and 7201064 from 1.11.6 tarball\n- Resolves: rhbz#906707\n[1:1.6.0.0-1.51.1.11.6]\n- Updated to icedtea6 1.11.6\n- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: 
rhbz#906707", "published": "2013-02-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0245.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T11:15:56"}, {"id": "ELSA-2013-0246", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.33.1.11.6]\n- removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch\n- added patch9: 7201064.patch to be reverted\n- added patch10: 8005615.patch to fix the 6664509.patch\n- Resolves: rhbz#906705\n[1:1.6.0.0-1.32.1.11.6]\n- added patch9 revertTwoWrongSecurityPatches2013-02-06.patch\n to remove 6664509 and 7201064 from 1.11.6 tarball\n- Resolves: rhbz#906705\n[1:1.6.0.0-1.31.1.11.6]\n- Updated to icedtea6 1.11.6\n- Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#906705", "published": "2013-02-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0246.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T11:17:07"}, {"id": "ELSA-2013-0247", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": 
"[1.7.0.9-2.3.5.3.0.1.el6_3]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.5.3.el6_3]\n- Sync logging fixes with upstream (icedtea7-forest and jdk7u)\n[1.7.0.9-2.3.5.1.el6_3]\n- Removed 6664509 backout and added 8005615 to fix the issue\n[1.7.0.9-2.3.5.el6_3.1]\n- Backed out 6664509 and 7201064.patch which cause regressions\n[1.7.0.9-2.3.5.el6_3]\n- Bumped to 2.3.5\n- Changed BR to java7-devel >= 1:1.7.0 as required by CORBA changes in 2.3.5\n- Resolves: rhbz#906707", "published": "2013-02-08T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0247.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-04T11:15:56"}, {"id": "ELSA-2013-0605", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[1:1.6.0.0-1.57.1.11.9]\n- Updated to icedtea6 1.11.9\n- Resolves: rhbz#917179", "published": "2013-03-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0605.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-04T11:15:56"}, {"id": "ELSA-2013-0602", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": "[1.7.0.9-2.3.8.0.0.1.el6_4]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.8.0el6]\n- Revert to rhel 6.3 version of spec file\n- Revert to icedtea7 2.3.8 forest\n- Resolves: rhbz#917183\n[1.7.0.11-2.4.0.pre5.el6]\n- Update to latest snapshot of icedtea7 2.4 forest\n- Resolves: rhbz#917183\n[1.7.0.9-2.4.0.pre4.3.el6]\n- 
Updated to icedtea 2.4.0.pre4,\n- Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#911530\n[1.7.0.9-2.4.0.pre3.3.el6]\n- Updated to icedtea 2.4.0.pre3, updated!\n- Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#911530\n[1.7.0.9-2.4.0.pre2.3.el6]\n- Removed testing\n - mauve was outdated and\n - jtreg was icedtea relict\n- Updated to icedtea 2.4.0.pre2, updated?\n- Added java -Xshare:dump to post (see 513605) for jitarchs\n- Resolves: rhbz#911530\n[1.7.0.11-2.4.0.2.el6]\n- Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch\n- Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch\n- Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch\n- Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch\n- NSS enabled by default - enable_nss set to 1\n- rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch\n- rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch\n- Resolves: rhbz#831734\n[1.7.0.11-2.4.0.1.el6]\n- Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch\n- Added jxmd and idlj to alternatives\n- make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true\n- Unapplied patch302 and deleted systemtap.patch\n- buildver increased to 11\n- icedtea_version set to 2.4.0\n- Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch\n- removed tmp-patches source tarball\n- Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar\n- Disabled nss - enable_nss set to 0\n- Resolves: rhbz#895034", "published": "2013-03-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0602.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-04T11:16:13"}, {"id": "ELSA-2013-0603", "type": "oraclelinux", "title": "java-1.7.0-openjdk security 
update", "description": "[1.7.0.9-2.3.8.0.0.1.el5_9]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Enterprise Linux'\n[1.7.0.9-2.3.8.0.el5_9]\n- Updated to icedtea7-forest-2.3\n- Resolves: rhbz#917181", "published": "2013-03-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0603.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-04T11:16:41"}, {"id": "ELSA-2013-0604", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[ 1:1.6.0.0-1.36.1.11.9.0.1.el5_9]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.36.1.11.9]\n- Updated to icedtea6 1.11.9\n- Resolves: rhbz#917176", "published": "2013-03-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0604.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-04T11:16:01"}, {"id": "ELSA-2012-1386", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": "[1.7.0.9-2.3.3.0.1.el6_3.1]\n- Update DISTRO_NAME in specfile\n[1.7.0.9-2.3.3.el6.1]\n- Changed permissions of sa-jdi.jar to correct 644\n- Resolves: rhbz#865050\n[1.7.0.9-2.3.3.el6]\n- Updated to 2.3.3\n- Updated java-1.7.0-openjdk-java-access-bridge-security.patch\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568\n[1.7.0.5-2.3.2.el6.1]\n- Cleanup before security release\n- Updated to latest IcedTea7-forest 2.3\n- Resolves: rhbz#852299\n[1.7.0.5-2.2.1.1.el6.4]\n- Cleanup before security release\n- Removed patches:\n patch 1001 sec-webrevs-openjdk7-29_aug_2012-7162473.patch\n patch 1002 sec-webrevs-openjdk7-29_aug_2012-7162476.patch\n patch 1003 sec-webrevs-openjdk7-29_aug_2012-7163201.patch\n patch 1004 
sec-webrevs-openjdk7-29_aug_2012-7194567.patch\n patch 1005 sec-webrevs-openjdk7-29_aug_2012-78e01a6ca8d3.patch\n- Resolves: rhbz#852299", "published": "2012-10-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1386.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "lastseen": "2016-09-04T11:17:02"}, {"id": "ELSA-2012-1385", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[1:1.6.0.0-1.28.1.10.10.0.1.el5_8]\n- Add oracle-enterprise.patch\n[1:1.6.0.0-1.28.1.10.10]\n- Updated to IcedTea6 1.10.10\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568", "published": "2012-10-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1385.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "lastseen": "2016-09-04T11:16:28"}, {"id": "ELSA-2012-1384", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[1:1.6.0.0-1.50.1.11.5]\n- Changed permissions of sa-jdi.jar to correct 644\n- Resolves: rhbz#865045\n[1:1.6.0.0-1.49.1.11.5]\n- Updated to IcedTea6 1.11.5\n- Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357,\n 865359, 
865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514,\n 865519, 865531, 865541, 865568", "published": "2012-10-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2012-1384.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "lastseen": "2016-09-04T11:16:02"}], "centos": [{"id": "CESA-2013:0245", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0245\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. 
An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019233.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0245.html", "published": "2013-02-09T11:03:54", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019233.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-03T18:26:04"}, {"id": "CESA-2013:0246", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0246\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. 
A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. 
Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019231.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0246.html", "published": "2013-02-08T22:39:51", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019231.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-03T18:25:41"}, {"id": "CESA-2013:0247", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0247\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. 
(CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428, CVE-2013-0444)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the JMX,\nLibraries, Networking, and JAXP components. An untrusted Java application\nor applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. 
An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019232.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/019234.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0247.html", "published": "2013-02-09T00:57:50", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/019232.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2017-10-03T18:24:26"}, {"id": "CESA-2013:0602", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0602\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. 
A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000823.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0602.html", "published": "2013-03-06T21:09:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000823.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2018-04-04T13:00:22"}, {"id": "CESA-2013:0605", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0605\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nAn integer overflow flaw was found in 
the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nNote: If your system has not yet been upgraded to Red Hat Enterprise Linux\n6.4 and the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. Thus, this\nupdate has been rated as having critical security impact as a one time\nexception. The icedtea-web package as provided with Red Hat Enterprise\nLinux 6.4 uses OpenJDK 7 instead.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-March/000822.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0605.html", "published": "2013-03-06T21:08:42", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-March/000822.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2018-04-04T12:59:45"}, {"id": "CESA-2013:0603", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0603\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019268.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0603.html", "published": "2013-03-06T21:16:37", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019268.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2017-10-03T18:26:58"}, {"id": "CESA-2013:0604", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0604\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nAn integer overflow flaw was found in the way the 2D component handled\ncertain sample model instances. A specially-crafted sample model instance\ncould cause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with virtual machine privileges. (CVE-2013-0809)\n\nIt was discovered that the 2D component did not properly reject certain\nmalformed images. Specially-crafted raster parameters could cause Java\nVirtual Machine memory corruption and, possibly, lead to arbitrary code\nexecution with virtual machine privileges. (CVE-2013-1493)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019267.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0604.html", "published": "2013-03-06T21:15:03", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019267.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2017-10-03T18:26:22"}, {"id": "CESA-2012:1386", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:1386\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nLibraries, Swing, and JMX components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,\nCVE-2012-5089)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.org.glassfish packages. An untrusted Java application\nor applet could use these flaws to bypass Java sandbox restrictions. This\nupdate lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. 
(CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use these flaws to disclose sensitive information.\n(CVE-2012-5070, CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. 
Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-October/018947.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1386.html", "published": "2012-10-17T17:16:08", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-October/018947.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068", "CVE-2012-5070"], "lastseen": "2017-10-03T18:26:56"}, {"id": "CESA-2012:1384", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:1384\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nSwing, and JMX components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. 
An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use this flaw to disclose sensitive information.\n(CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. 
(CVE-2012-5085)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.5. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-October/018946.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1384.html", "published": "2012-10-17T17:15:32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-October/018946.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "lastseen": "2017-10-03T18:25:50"}, {"id": "CESA-2012:1385", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2012:1385\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the Beans,\nSwing, and JMX components in OpenJDK. 
An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)\n\nMultiple improper permission check issues were discovered in the Scripting,\nJMX, Concurrency, Libraries, and Security components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,\nCVE-2012-5069, CVE-2012-5073, CVE-2012-5072)\n\nIt was discovered that java.util.ServiceLoader could create an instance of\nan incompatible class while performing provider lookup. An untrusted Java\napplication or applet could use this flaw to bypass certain Java sandbox\nrestrictions. (CVE-2012-5079)\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS\nimplementation did not properly handle handshake records containing an\noverly large data length value. An unauthenticated, remote attacker could\npossibly use this flaw to cause an SSL/TLS server to terminate with an\nexception. (CVE-2012-5081)\n\nIt was discovered that the JMX component in OpenJDK could perform certain\nactions in an insecure manner. An untrusted Java application or applet\ncould possibly use this flaw to disclose sensitive information.\n(CVE-2012-5075)\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it\nto not perform array initialization in certain cases. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nvirtual machine's memory. (CVE-2012-4416)\n\nIt was discovered that the SecureRandom class did not properly protect\nagainst the creation of multiple seeders. An untrusted Java application or\napplet could possibly use this flaw to disclose sensitive information.\n(CVE-2012-5077)\n\nIt was discovered that the java.io.FilePermission class exposed the hash\ncode of the canonicalized path name. 
An untrusted Java application or\napplet could possibly use this flaw to determine certain system paths, such\nas the current working directory. (CVE-2012-3216)\n\nThis update disables Gopher protocol support in the java.net package by\ndefault. Gopher support can be enabled by setting the newly introduced\nproperty, \"jdk.net.registerGopherProtocol\", to true. (CVE-2012-5085)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. Refer\nto the NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-October/018948.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-1385.html", "published": "2012-10-17T17:21:03", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2012-October/018948.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "lastseen": "2017-10-03T18:25:09"}], "redhat": [{"id": "RHSA-2013:0246", "type": "redhat", "title": "(RHSA-2013:0246) Important: java-1.6.0-openjdk security update", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. 
An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. 
(CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "published": "2013-02-08T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0246", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "lastseen": "2017-09-09T07:19:13"}, {"id": "RHSA-2013:0245", "type": "redhat", "title": "(RHSA-2013:0245) Critical: java-1.6.0-openjdk security update", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. 
A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the Libraries,\nNetworking, and JAXP components. An untrusted Java application or applet\ncould use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. 
(CVE-2013-0443)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "published": "2013-02-08T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0245", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "lastseen": "2017-12-25T20:05:50"}, {"id": "RHSA-2013:0247", "type": "redhat", "title": "(RHSA-2013:0247) Important: java-1.7.0-openjdk security update", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple improper permission check issues were discovered in the AWT,\nCORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,\nCVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0428, CVE-2013-0444)\n\nMultiple flaws were found in the way image parsers in the 2D and AWT\ncomponents handled image raster parameters. 
A specially-crafted image could\ncause Java Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the virtual machine privileges.\n(CVE-2013-1478, CVE-2013-1480)\n\nA flaw was found in the AWT component's clipboard handling code. An\nuntrusted Java application or applet could use this flaw to access\nclipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)\n\nThe default Java security properties configuration did not restrict access\nto certain com.sun.xml.internal packages. An untrusted Java application or\napplet could use this flaw to access information, bypassing certain Java\nsandbox restrictions. This update lists the whole package as restricted.\n(CVE-2013-0435)\n\nMultiple improper permission check issues were discovered in the JMX,\nLibraries, Networking, and JAXP components. An untrusted Java application\nor applet could use these flaws to bypass certain Java sandbox\nrestrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)\n\nIt was discovered that the RMI component's CGIHandler class used user\ninputs in error messages without any sanitization. An attacker could use\nthis flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)\n\nIt was discovered that the SSL/TLS implementation in the JSSE component\ndid not properly enforce handshake message ordering, allowing an unlimited\nnumber of handshake restarts. A remote attacker could use this flaw to\nmake an SSL/TLS server using JSSE consume an excessive amount of CPU by\ncontinuously restarting the handshake. (CVE-2013-0440)\n\nIt was discovered that the JSSE component did not properly validate\nDiffie-Hellman public keys. An SSL/TLS client could possibly use this flaw\nto perform a small subgroup attack. (CVE-2013-0443)\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. 
Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "published": "2013-02-08T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0247", "cvelist": ["CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480"], "lastseen": "2017-12-25T20:05:52"}, {"id": "RHSA-2013:0624", "type": "redhat", "title": "(RHSA-2013:0624) Critical: java-1.5.0-ibm security update", "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-0409, CVE-2013-0424,\nCVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432,\nCVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443,\nCVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16 release. 
All running instances\nof IBM Java must be restarted for this update to take effect.\n", "published": "2013-03-11T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0624", "cvelist": ["CVE-2012-5085", "CVE-2013-0409", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0440", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1493"], "lastseen": "2017-09-08T08:04:56"}, {"id": "RHSA-2013:0236", "type": "redhat", "title": "(RHSA-2013:0236) Critical: java-1.6.0-sun security update", "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,\nCVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432,\nCVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440,\nCVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446,\nCVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1480, CVE-2013-1481)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 39. 
All running instances of\nOracle Java must be restarted for the update to take effect.\n", "published": "2013-02-04T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0236", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0430", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-1473", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481"], "lastseen": "2017-09-09T07:20:12"}, {"id": "RHSA-2013:0625", "type": "redhat", "title": "(RHSA-2013:0625) Critical: java-1.6.0-ibm security update", "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2012-1541, CVE-2012-3213,\nCVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1493)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR13 release. 
All running instances\nof IBM Java must be restarted for the update to take effect.\n", "published": "2013-03-11T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0625", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2012-5085", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1481", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1493"], "lastseen": "2017-09-09T07:19:53"}, {"id": "RHSA-2013:0626", "type": "redhat", "title": "(RHSA-2013:0626) Critical: java-1.7.0-ibm security update", "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. 
(CVE-2012-1541, CVE-2012-3174,\nCVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419,\nCVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433,\nCVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,\nCVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473,\nCVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485,\nCVE-2013-1486, CVE-2013-1487, CVE-2013-1493)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR4 release. All running instances\nof IBM Java must be restarted for the update to take effect.\n", "published": "2013-03-11T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0626", "cvelist": ["CVE-2012-1541", "CVE-2012-3174", "CVE-2012-3213", "CVE-2012-3342", "CVE-2012-5085", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0422", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0449", "CVE-2013-0450", "CVE-2013-0809", "CVE-2013-1473", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1480", "CVE-2013-1484", "CVE-2013-1485", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1493"], "lastseen": "2017-09-09T07:19:55"}, {"id": "RHSA-2013:0237", "type": "redhat", "title": "(RHSA-2013:0237) Critical: java-1.7.0-oracle security update", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software 
Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409,\nCVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,\nCVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437,\nCVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,\nCVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449,\nCVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478,\nCVE-2013-1479, CVE-2013-1480, CVE-2013-1489)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 13 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "published": "2013-02-04T05:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0237", "cvelist": ["CVE-2012-1541", "CVE-2012-3213", "CVE-2012-3342", "CVE-2013-0351", "CVE-2013-0409", "CVE-2013-0419", "CVE-2013-0423", "CVE-2013-0424", "CVE-2013-0425", "CVE-2013-0426", "CVE-2013-0427", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-0430", "CVE-2013-0431", "CVE-2013-0432", "CVE-2013-0433", "CVE-2013-0434", "CVE-2013-0435", "CVE-2013-0437", "CVE-2013-0438", "CVE-2013-0440", "CVE-2013-0441", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0445", "CVE-2013-0446", "CVE-2013-0448", "CVE-2013-0449", "CVE-2013-0450", "CVE-2013-1473", "CVE-2013-1475", "CVE-2013-1476", "CVE-2013-1478", "CVE-2013-1479", "CVE-2013-1480", "CVE-2013-1489"], "lastseen": 
"2017-07-28T10:57:47"}, {"id": "RHSA-2013:1456", "type": "redhat", "title": "(RHSA-2013:1456) Low: Red Hat Network Satellite server IBM Java Runtime security update", "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.5. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, 
CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.5 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "published": "2013-10-23T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1456", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-2384", "CVE-2013-1491", "CVE-2013-1571", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-0401", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-1478", "CVE-2013-2456", "CVE-2013-0428", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-0169", "CVE-2012-1719", "CVE-2013-2394", "CVE-2012-3159", "CVE-2013-0435", "CVE-2013-0809", "CVE-2013-0442", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-0434", "CVE-2012-5081", "CVE-2013-0443", "CVE-2013-2419", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-0351", "CVE-2013-2465", "CVE-2013-1537", "CVE-2013-3743", "CVE-2012-0551", "CVE-2013-0433", "CVE-2013-1480", "CVE-2012-1717", "CVE-2012-1721", "CVE-2013-0409", "CVE-2013-0438", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-5083", "CVE-2013-2429", "CVE-2013-2471", "CVE-2012-1532", "CVE-2013-1486", "CVE-2013-1476", "CVE-2012-4823", "CVE-2013-1487", 
"CVE-2013-0445", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-4820", "CVE-2013-0432", "CVE-2012-5084", "CVE-2012-4822", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2464", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-2442", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-2432", "CVE-2012-1722", "CVE-2013-2443", "CVE-2013-1481", "CVE-2013-2446", "CVE-2012-0547", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-1540", "CVE-2013-1493", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-0425", "CVE-2012-5068", "CVE-2012-1682", "CVE-2013-0441", "CVE-2012-3143", "CVE-2013-1569", "CVE-2013-2412", "CVE-2013-2430", "CVE-2013-2466", "CVE-2013-0423", "CVE-2013-0419"], "lastseen": "2017-03-04T13:18:38"}, {"id": "RHSA-2013:1455", "type": "redhat", "title": "(RHSA-2013:1455) Low: Red Hat Network Satellite server IBM Java Runtime security update", "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4. 
In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,\nCVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,\nCVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,\nCVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,\nCVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,\nCVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,\nCVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,\nCVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, 
CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.4 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "published": "2013-10-23T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1455", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2468", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-1491", "CVE-2013-1571", "CVE-2011-3557", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2011-3551", "CVE-2013-0401", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-1478", "CVE-2011-3549", "CVE-2013-2456", "CVE-2011-0802", "CVE-2011-0868", "CVE-2013-0428", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-0169", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2012-3159", "CVE-2013-0435", "CVE-2013-0809", "CVE-2013-0442", "CVE-2011-3561", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2011-0869", "CVE-2013-2473", "CVE-2011-0863", "CVE-2012-5079", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-0434", 
"CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2013-2463", "CVE-2013-1563", "CVE-2011-3389", "CVE-2013-2469", "CVE-2013-0351", "CVE-2013-2465", "CVE-2013-1537", "CVE-2013-3743", "CVE-2012-0498", "CVE-2011-3544", "CVE-2012-0551", "CVE-2011-3553", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2012-1717", "CVE-2012-1721", "CVE-2011-3516", "CVE-2013-0409", "CVE-2011-0873", "CVE-2013-0438", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-5083", "CVE-2013-2429", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2013-1486", "CVE-2013-1476", "CVE-2012-4823", "CVE-2013-1487", "CVE-2013-0445", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-4820", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2011-3546", "CVE-2012-4822", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2464", "CVE-2011-3554", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2011-0867", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-2432", "CVE-2012-1722", "CVE-2013-2443", "CVE-2013-1481", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-1540", "CVE-2012-0500", "CVE-2011-3560", "CVE-2013-1493", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2455", "CVE-2011-3545", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-0425", "CVE-2011-3552", "CVE-2012-5068", "CVE-2012-1682", "CVE-2013-0441", "CVE-2012-3143", "CVE-2012-0502", "CVE-2011-3550", "CVE-2013-1569", "CVE-2013-2412", "CVE-2011-0862", "CVE-2013-2430", "CVE-2011-0871", "CVE-2013-2466", "CVE-2011-0814", "CVE-2013-0423", "CVE-2013-0419"], "lastseen": "2017-03-04T13:18:30"}], "amazon": [{"id": "ALAS-2013-156", "type": "amazon", "title": "Important: java-1.7.0-openjdk", "description": "**Issue Overview:**\n\nMultiple 
improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-0442 __](<https://access.redhat.com/security/cve/CVE-2013-0442>), [CVE-2013-0445 __](<https://access.redhat.com/security/cve/CVE-2013-0445>), [CVE-2013-0441 __](<https://access.redhat.com/security/cve/CVE-2013-0441>), [CVE-2013-1475 __](<https://access.redhat.com/security/cve/CVE-2013-1475>), [CVE-2013-1476 __](<https://access.redhat.com/security/cve/CVE-2013-1476>), [CVE-2013-0429 __](<https://access.redhat.com/security/cve/CVE-2013-0429>), [CVE-2013-0450 __](<https://access.redhat.com/security/cve/CVE-2013-0450>), [CVE-2013-0425 __](<https://access.redhat.com/security/cve/CVE-2013-0425>), [CVE-2013-0426 __](<https://access.redhat.com/security/cve/CVE-2013-0426>), [CVE-2013-0428 __](<https://access.redhat.com/security/cve/CVE-2013-0428>), [CVE-2013-0444 __](<https://access.redhat.com/security/cve/CVE-2013-0444>))\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. ([CVE-2013-1478 __](<https://access.redhat.com/security/cve/CVE-2013-1478>), [CVE-2013-1480 __](<https://access.redhat.com/security/cve/CVE-2013-1480>))\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. ([CVE-2013-0432 __](<https://access.redhat.com/security/cve/CVE-2013-0432>))\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. 
This update lists the whole package as restricted. ([CVE-2013-0435 __](<https://access.redhat.com/security/cve/CVE-2013-0435>))\n\nMultiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-0431 __](<https://access.redhat.com/security/cve/CVE-2013-0431>), [CVE-2013-0427 __](<https://access.redhat.com/security/cve/CVE-2013-0427>), [CVE-2013-0433 __](<https://access.redhat.com/security/cve/CVE-2013-0433>), [CVE-2013-0434 __](<https://access.redhat.com/security/cve/CVE-2013-0434>))\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. ([CVE-2013-0424 __](<https://access.redhat.com/security/cve/CVE-2013-0424>))\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. ([CVE-2013-0440 __](<https://access.redhat.com/security/cve/CVE-2013-0440>))\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. ([CVE-2013-0443 __](<https://access.redhat.com/security/cve/CVE-2013-0443>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. 
\n\n \n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.5.3.17.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.5.3.17.amzn1.x86_64 \n \n \n", "published": "2013-02-17T15:35:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-156.html", "cvelist": ["CVE-2013-0426", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0431", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1476", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0450", "CVE-2013-0440", "CVE-2013-0425", "CVE-2013-0441"], "lastseen": "2016-09-28T21:04:05"}, {"id": "ALAS-2013-155", "type": "amazon", "title": "Important: java-1.6.0-openjdk", "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n\nMultiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. 
A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges.\n\nA flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions.\n\nThe default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted.\n\nMultiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n\nIt was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack.\n\nIt was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake.\n\nIt was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack.\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system. 
\n\n \n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-54.1.11.6.48.amzn1.x86_64 \n \n \n", "published": "2013-02-17T15:35:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-155.html", "cvelist": ["CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0443", "CVE-2013-0432", "CVE-2013-0424", "CVE-2013-0440"], "lastseen": "2016-09-28T21:04:03"}, {"id": "ALAS-2013-168", "type": "amazon", "title": "Important: java-1.7.0-openjdk", "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-0809 __](<https://access.redhat.com/security/cve/CVE-2013-0809>))\n\nIt was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. 
([CVE-2013-1493 __](<https://access.redhat.com/security/cve/CVE-2013-1493>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.22.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.22.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.8.0.22.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.8.0.22.amzn1.x86_64 \n \n \n", "published": "2013-03-14T22:03:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-168.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-28T21:04:11"}, {"id": "ALAS-2013-167", "type": "amazon", "title": "Important: java-1.6.0-openjdk", "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-0809 __](<https://access.redhat.com/security/cve/CVE-2013-0809>))\n\nIt was discovered that the 2D component did not properly reject certain malformed images. 
Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. ([CVE-2013-1493 __](<https://access.redhat.com/security/cve/CVE-2013-1493>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-57.1.11.9.52.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-57.1.11.9.52.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-debuginfo-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-57.1.11.9.52.amzn1.x86_64 \n \n \n", "published": "2013-03-14T22:03:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-167.html", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-28T21:04:07"}, {"id": "ALAS-2012-137", "type": "amazon", "title": "Important: java-1.7.0-openjdk", "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 
([CVE-2012-5086 __](<https://access.redhat.com/security/cve/CVE-2012-5086>), [CVE-2012-5084 __](<https://access.redhat.com/security/cve/CVE-2012-5084>), [CVE-2012-5089 __](<https://access.redhat.com/security/cve/CVE-2012-5089>))\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2012-5068 __](<https://access.redhat.com/security/cve/CVE-2012-5068>), [CVE-2012-5071 __](<https://access.redhat.com/security/cve/CVE-2012-5071>), [CVE-2012-5069 __](<https://access.redhat.com/security/cve/CVE-2012-5069>), [CVE-2012-5073 __](<https://access.redhat.com/security/cve/CVE-2012-5073>), [CVE-2012-5072 __](<https://access.redhat.com/security/cve/CVE-2012-5072>))\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2012-5079 __](<https://access.redhat.com/security/cve/CVE-2012-5079>))\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. ([CVE-2012-5081 __](<https://access.redhat.com/security/cve/CVE-2012-5081>))\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. ([CVE-2012-5075 __](<https://access.redhat.com/security/cve/CVE-2012-5075>))\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. 
An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. ([CVE-2012-4416 __](<https://access.redhat.com/security/cve/CVE-2012-4416>))\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. ([CVE-2012-5077 __](<https://access.redhat.com/security/cve/CVE-2012-5077>))\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. ([CVE-2012-3216 __](<https://access.redhat.com/security/cve/CVE-2012-3216>))\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, \"jdk.net.registerGopherProtocol\", to true. ([CVE-2012-5085 __](<https://access.redhat.com/security/cve/CVE-2012-5085>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. 
\n\n \n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-1.7.0.9-2.3.3.13.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.13.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.13.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.13.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.3.13.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.13.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.3.13.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.13.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.13.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.9-2.3.3.13.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.3.13.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.13.amzn1.x86_64 \n \n \n", "published": "2012-10-23T10:38:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2012-137.html", "cvelist": ["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "lastseen": "2016-09-28T21:04:00"}, {"id": "ALAS-2012-136", "type": "amazon", "title": "Important: java-1.6.0-openjdk", "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2012-5086 __](<https://access.redhat.com/security/cve/CVE-2012-5086>), [CVE-2012-5084 __](<https://access.redhat.com/security/cve/CVE-2012-5084>), [CVE-2012-5089 __](<https://access.redhat.com/security/cve/CVE-2012-5089>))\n\nMultiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. 
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2012-5068 __](<https://access.redhat.com/security/cve/CVE-2012-5068>), [CVE-2012-5071 __](<https://access.redhat.com/security/cve/CVE-2012-5071>), [CVE-2012-5069 __](<https://access.redhat.com/security/cve/CVE-2012-5069>), [CVE-2012-5073 __](<https://access.redhat.com/security/cve/CVE-2012-5073>), [CVE-2012-5072 __](<https://access.redhat.com/security/cve/CVE-2012-5072>))\n\nIt was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ([CVE-2012-5079 __](<https://access.redhat.com/security/cve/CVE-2012-5079>))\n\nIt was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. ([CVE-2012-5081 __](<https://access.redhat.com/security/cve/CVE-2012-5081>))\n\nIt was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. ([CVE-2012-5075 __](<https://access.redhat.com/security/cve/CVE-2012-5075>))\n\nA bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. ([CVE-2012-4416 __](<https://access.redhat.com/security/cve/CVE-2012-4416>))\n\nIt was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. 
An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. ([CVE-2012-5077 __](<https://access.redhat.com/security/cve/CVE-2012-5077>))\n\nIt was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. ([CVE-2012-3216 __](<https://access.redhat.com/security/cve/CVE-2012-3216>))\n\nThis update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, \"jdk.net.registerGopherProtocol\", to true. ([CVE-2012-5085 __](<https://access.redhat.com/security/cve/CVE-2012-5085>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-1.6.0.0-53.1.11.5.47.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-53.1.11.5.47.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-53.1.11.5.47.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-53.1.11.5.47.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-53.1.11.5.47.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-53.1.11.5.47.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-53.1.11.5.47.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-devel-1.6.0.0-53.1.11.5.47.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-53.1.11.5.47.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-53.1.11.5.47.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-53.1.11.5.47.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-53.1.11.5.47.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-53.1.11.5.47.amzn1.x86_64 \n \n \n", "published": "2012-10-23T10:38:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2012-136.html", "cvelist": 
["CVE-2012-5089", "CVE-2012-5073", "CVE-2012-5085", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5086", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-5068"], "lastseen": "2016-09-28T21:04:13"}, {"id": "ALAS-2013-163", "type": "amazon", "title": "Important: java-1.6.0-openjdk", "description": "**Issue Overview:**\n\nAn improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. ([CVE-2013-1486 __](<https://access.redhat.com/security/cve/CVE-2013-1486>))\n\nIt was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. ([CVE-2013-0169 __](<https://access.redhat.com/security/cve/CVE-2013-0169>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system. 
\n\n\n \n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-devel-1.6.0.0-56.1.11.8.51.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-56.1.11.8.51.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-56.1.11.8.51.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-56.1.11.8.51.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-56.1.11.8.51.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-56.1.11.8.51.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-56.1.11.8.51.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-javadoc-1.6.0.0-56.1.11.8.51.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-56.1.11.8.51.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-56.1.11.8.51.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-56.1.11.8.51.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-56.1.11.8.51.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-56.1.11.8.51.amzn1.x86_64 \n \n \n", "published": "2013-03-02T16:50:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-163.html", "cvelist": ["CVE-2013-0169", "CVE-2013-1486"], "lastseen": "2016-09-28T21:04:04"}, {"id": "ALAS-2013-162", "type": "amazon", "title": "Important: java-1.7.0-openjdk", "description": "**Issue Overview:**\n\nMultiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-1486 __](<https://access.redhat.com/security/cve/CVE-2013-1486>), [CVE-2013-1484 __](<https://access.redhat.com/security/cve/CVE-2013-1484>))\n\nAn improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. 
([CVE-2013-1485 __](<https://access.redhat.com/security/cve/CVE-2013-1485>))\n\nIt was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. ([CVE-2013-0169 __](<https://access.redhat.com/security/cve/CVE-2013-0169>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-1.7.0.9-2.3.7.1.20.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.20.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.20.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.20.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.20.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.7.1.20.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.9-2.3.7.1.20.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-1.7.0.9-2.3.7.1.20.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.9-2.3.7.1.20.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.7.1.20.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.9-2.3.7.1.20.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.9-2.3.7.1.20.amzn1.x86_64 \n \n \n", "published": "2013-03-02T16:49:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-162.html", "cvelist": ["CVE-2013-1485", "CVE-2013-0169", "CVE-2013-1486", "CVE-2013-1484"], "lastseen": "2016-09-28T21:04:03"}], "ubuntu": [{"id": "USN-1724-1", "type": "ubuntu", "title": "OpenJDK vulnerabilities", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. 
(CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438)\n\nSeveral data integrity vulnerabilities were discovered in the OpenJDK JRE. (CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435, CVE-2013-0443)\n\nA vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2013-0440)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-0444)\n\nA data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0448)\n\nAn information disclosure vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0449)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 12.10. 
(CVE-2013-1481)", "published": "2013-02-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1724-1/", "cvelist": ["CVE-2013-0426", "CVE-2012-1541", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0448", "CVE-2013-0429", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0442", "CVE-2012-3342", "CVE-2013-1473", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0351", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-0409", "CVE-2013-0438", "CVE-2013-1476", "CVE-2013-0430", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-0450", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-0425", "CVE-2013-0441", "CVE-2013-0449", "CVE-2013-0423", "CVE-2013-0419"], "lastseen": "2018-03-29T18:17:47"}, {"id": "USN-1755-1", "type": "ubuntu", "title": "OpenJDK 6 vulnerabilities", "description": "It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. (CVE-2013-0809)\n\nIt was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. (CVE-2013-1493)", "published": "2013-03-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1755-1/", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2018-03-29T18:20:07"}, {"id": "USN-1755-2", "type": "ubuntu", "title": "OpenJDK 7 vulnerabilities", "description": "USN-1755-1 fixed vulnerabilities in OpenJDK 6. 
This update provides the corresponding updates for OpenJDK 7.\n\nOriginal advisory details:\n\nIt was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. (CVE-2013-0809)\n\nIt was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. (CVE-2013-1493)", "published": "2013-03-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1755-2/", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2018-03-29T18:21:28"}, {"id": "USN-1619-1", "type": "ubuntu", "title": "OpenJDK vulnerabilities", "description": "Several information disclosure vulnerabilities were discovered in the OpenJDK JRE. (CVE-2012-3216, CVE-2012-5069, CVE-2012-5072, CVE-2012-5075, CVE-2012-5077, CVE-2012-5085)\n\nVulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2012-4416, CVE-2012-5071)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-5068, CVE-2012-5083, CVE-2012-5084, CVE-2012-5086, CVE-2012-5089)\n\nInformation disclosure vulnerabilities were discovered in the OpenJDK JRE. These issues only affected Ubuntu 12.10. (CVE-2012-5067, CVE-2012-5070)\n\nVulnerabilities were discovered in the OpenJDK JRE related to data integrity. 
(CVE-2012-5073, CVE-2012-5079)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. This issue only affected Ubuntu 12.10. (CVE-2012-5074)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. These issues only affected Ubuntu 12.10. (CVE-2012-5076, CVE-2012-5087, CVE-2012-5088)\n\nA denial of service vulnerability was found in OpenJDK. (CVE-2012-5081)\n\nPlease see the following for more information: <http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html>", "published": "2012-10-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1619-1/", "cvelist": ["CVE-2012-5089", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1533", "CVE-2012-3159", "CVE-2012-5087", "CVE-2012-5085", "CVE-2012-5076", "CVE-2012-5079", "CVE-2012-4416", "CVE-2012-5075", "CVE-2012-5081", "CVE-2012-5067", "CVE-2012-5083", "CVE-2012-5088", "CVE-2012-5086", "CVE-2012-1532", "CVE-2012-5077", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-5084", "CVE-2012-5071", "CVE-2012-5072", "CVE-2012-1531", "CVE-2012-5068", "CVE-2012-3143", "CVE-2012-5070"], "lastseen": "2018-03-29T18:19:02"}, {"id": "USN-1735-1", "type": "ubuntu", "title": "OpenJDK vulnerabilities", "description": "Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenJDK was vulnerable to a timing side-channel attack known as the \u201cLucky Thirteen\u201d issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. (CVE-2013-0169)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. 
(CVE-2013-1484)\n\nA data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-1485)\n\nTwo vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. (CVE-2013-1486, CVE-2013-1487)", "published": "2013-02-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1735-1/", "cvelist": ["CVE-2013-1485", "CVE-2013-0169", "CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1484"], "lastseen": "2018-03-29T18:18:18"}], "cert": [{"id": "VU:858729", "type": "cert", "title": "Oracle Java contains multiple vulnerabilities", "description": "### Overview\n\nJava 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nThe Oracle Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems. \n\nThe Java JRE plug-in provides its own [Security Manager](<http://docs.oracle.com/javase/7/docs/api/java/lang/System.html#setSecurityManager%28java.lang.SecurityManager%29>). Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document [states](<http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/System.html#setSecurityManager%28java.lang.SecurityManager%29>), _\"If there is a security manager already installed, this method first calls the security manager's _`_checkPermission_`_ method with a _`_RuntimePermission(\"setSecurityManager\")_`_ permission to ensure it's safe to replace the existing security manager. 
This may result in throwing a _`_SecurityException\"_`_._ \n \nBy leveraging a number of vulnerabilities, an untrusted Java applet can escalate its privileges to allow full privileges, without requiring code signing. Other vulnerabilities can cause exploitable memory corruption, which could affect Java applets, as well as Java applications, depending on what the Java application does and how it may process untrusted data. Oracle Java 7 Update 11, Java 6 Update 38, and earlier Java versions are affected. \n \nAt least one of these vulnerabilities is reportedly being exploited in the wild. \n \n--- \n \n### Impact\n\nBy convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for these vulnerabilities. The vulnerabilities that affect server deployments of Java may be exploited by causing a Java server application to process untrusted data. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nThese issues are addressed in Java 7 Update 13 and Java 6 Update 39. Please see the [Oracle Java SE Critical Patch Update Advisory](<http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html>) \\- February 2013 for more details. \n \n--- \n \n**Disable Java in web browsers** \n \nStarting with Java 7 Update 10, it is possible to [disable Java content in web browsers](<http://www.java.com/en/download/help/disable_browser.xml>) through the Java control panel applet. Please see the [Java documentation](<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#disable>) for more details. 
\n \nSystem administrators wishing to deploy Java 7 Update 10 or later with the \"Enable Java content in the browser\" feature disabled can invoke the Java installer with the `WEB_JAVA=0` command-line option. More details are available in the [Java documentation](<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#install>). \n \nAlternatively, Microsoft has released a [Fix it](<http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx>) that disables Java in the Internet Explorer web browser. \n \n**Restrict access to Java applets** \n \nNetwork administrators unable to disable Java in web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets. This may be accomplished by using proxy server rules, for example. Blocking or whitelisting web requests to `.jar` and `.class` files can help to prevent Java from being used by untrusted sources. Filtering requests that contain a Java User-Agent header may also be effective. For example, this technique can be used in environments where Java is required on the local intranet. The proxy can be configured to allow Java requests locally, but block them when the destination is a site on the internet. 
\n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Inc.| | -| 05 Feb 2013 \nOracle Corporation| | -| 01 Feb 2013 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23858729 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C \nTemporal | 8.7 | E:H/RL:OF/RC:C \nEnvironmental | 8.7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html>\n * <http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html>\n * <http://taosecurity.blogspot.com/2012/11/do-devs-care-about-java-insecurity.html?showComment=1353874245992#c4794680666510382012>\n * <http://codeascraft.etsy.com/2013/03/18/java-not-even-once/>\n * <http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx>\n\n### Credit\n\nThese vulnerabilities were reported by Oracle.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2012-1541](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1541>) [CVE-2012-1543](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1543>) [CVE-2012-3213](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3213>) [CVE-2012-3342](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3342>) [CVE-2012-4301](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4301>) [CVE-2012-4305](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4305>) [CVE-2013-0351](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0351>) [CVE-2013-0409](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0409>) [CVE-2013-0419](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0419>) [CVE-2013-0423](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0423>) 
[CVE-2013-0424](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0424>) [CVE-2013-0425](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425>) [CVE-2013-0426](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0426>) [CVE-2013-0427](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0427>) [CVE-2013-0428](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0428>) [CVE-2013-0429](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0429>) [CVE-2013-0430](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0430>) [CVE-2013-0431](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0431>) [CVE-2013-0432](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432>) [CVE-2013-0433](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0433>) [CVE-2013-0434](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0434>) [CVE-2013-0435](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0435>) [CVE-2013-0436](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0436>) [CVE-2013-0437](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0437>) [CVE-2013-0438](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0438>) [CVE-2013-0439](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0439>) [CVE-2013-0440](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0440>) [CVE-2013-0441](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0441>) [CVE-2013-0442](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0442>) [CVE-2013-0443](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0443>) [CVE-2013-0444](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0444>) [CVE-2013-0445](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0445>) [CVE-2013-0446](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0446>) [CVE-2013-0447](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0447>) 
[CVE-2013-0448](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0448>) [CVE-2013-0449](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0449>) [CVE-2013-0450](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0450>) [CVE-2013-1472](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1472>) [CVE-2013-1473](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1473>) [CVE-2013-1474](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1474>) [CVE-2013-1475](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1475>) [CVE-2013-1476](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1476>) [CVE-2013-1477](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1477>) [CVE-2013-1478](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1478>) [CVE-2013-1479](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1479>) [CVE-2013-1480](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480>) [CVE-2013-1481](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1481>) [CVE-2013-1482](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1482>) [CVE-2013-1483](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1483>) [CVE-2013-1489](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1489>)\n * US-CERT Alert: [TA13-032A](<http://www.us-cert.gov/cas/techalerts/TA13-032A.html>)\n * Date Public: 01 Feb 2013\n * Date First Published: 01 Feb 2013\n * Date Last Updated: 14 Jun 2013\n * Document Revision: 34\n\n", "published": "2013-02-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/858729", "cvelist": ["CVE-2013-0426", "CVE-2013-0426", "CVE-2012-1541", "CVE-2012-1541", "CVE-2013-0427", "CVE-2013-0427", "CVE-2013-1478", "CVE-2013-1478", "CVE-2013-0428", "CVE-2013-0428", "CVE-2013-0448", "CVE-2013-0448", "CVE-2013-1479", "CVE-2013-1479", "CVE-2013-0429", "CVE-2013-0429", 
"CVE-2013-1475", "CVE-2013-1475", "CVE-2013-0435", "CVE-2013-0435", "CVE-2013-0442", "CVE-2013-0442", "CVE-2012-3342", "CVE-2012-3342", "CVE-2013-0431", "CVE-2013-0431", "CVE-2013-1472", "CVE-2013-1472", "CVE-2013-1473", "CVE-2013-1473", "CVE-2012-4301", "CVE-2012-4301", "CVE-2013-0434", "CVE-2013-0434", "CVE-2013-0443", "CVE-2013-0443", "CVE-2013-0351", "CVE-2013-0351", "CVE-2013-0444", "CVE-2013-0444", "CVE-2013-0433", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-1480", "CVE-2013-1483", "CVE-2013-1483", "CVE-2013-1474", "CVE-2013-1474", "CVE-2013-0409", "CVE-2013-0409", "CVE-2013-0438", "CVE-2013-0438", "CVE-2013-0439", "CVE-2013-0439", "CVE-2013-1477", "CVE-2013-1477", "CVE-2013-1476", "CVE-2013-1476", "CVE-2013-0447", "CVE-2013-0447", "CVE-2013-0430", "CVE-2013-0430", "CVE-2013-0445", "CVE-2013-0445", "CVE-2013-0432", "CVE-2013-0432", "CVE-2012-4305", "CVE-2012-4305", "CVE-2013-0424", "CVE-2013-0424", "CVE-2012-3213", "CVE-2012-3213", "CVE-2013-0450", "CVE-2013-0450", "CVE-2013-0446", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-0440", "CVE-2013-1481", "CVE-2013-1481", "CVE-2013-0436", "CVE-2013-0436", "CVE-2013-0437", "CVE-2013-0437", "CVE-2013-0425", "CVE-2013-0425", "CVE-2013-0441", "CVE-2013-0441", "CVE-2013-1482", "CVE-2013-1482", "CVE-2013-1489", "CVE-2013-1489", "CVE-2012-1543", "CVE-2012-1543", "CVE-2013-0449", "CVE-2013-0449", "CVE-2013-0423", "CVE-2013-0423", "CVE-2013-0419", "CVE-2013-0419"], "lastseen": "2016-02-03T09:12:09"}, {"id": "VU:688246", "type": "cert", "title": "Oracle Java contains multiple vulnerabilities", "description": "### Overview\n\nOracle Java 7 Update 15, Java 6 Update 41, Java 5.0 Update 40, and earlier versions contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nThe Oracle Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. 
Oracle has made the JRE available for multiple operating systems. OpenJDK is an open-source implementation of the Java platform, and the IcedTea project aims to make it easier to deploy OpenJDK, including a web browser plugin. \n\nAdditional details of the vulnerability can be found in the FireEye Malware Intelligence Lab [blog post](<http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html#more>). \n \nThis vulnerability is reportedly being exploited in the wild. \n \n--- \n \n### Impact\n\nBy convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for these vulnerabilities. \n \n--- \n \n### Solution\n\n**Apply an update** \n \nThese issues are addressed in Java 7 Update 17 and Java 6 Update 43. Please see the [Oracle Security Alert for CVE-2013-1493](<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html>) for more details. \n \nUnless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u17. This will help mitigate other Java vulnerabilities that may be discovered in the future. \n \nThis issue has also been addressed in [IcedTea versions 1.11.9 and 1.12.4](<http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html>). \n \n--- \n \n**Disable Java in web browsers** \n \nStarting with Java 7 Update 10, it is possible to [disable Java content in web browsers](<http://www.java.com/en/download/help/disable_browser.xml>) through the Java control panel applet. Please see the [Java documentation](<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#disable>) for more details. 
\n \n**Note**: Due to what appears to potentially be a bug in the Java installer, the Java Control Panel applet may be missing on some Windows systems. In such cases, the Java Control Panel applet may be launched by finding and executing `javacpl.exe` manually. This file is likely to be found in `C:\\Program Files\\Java\\jre7\\bin` or `C:\\Program Files (x86)\\Java\\jre7\\bin`. \n \n**Also note** that we have encountered situations on Windows where Java will crash if it has been disabled in the web browser as described above and then subsequently re-enabled. Depending on the browser used, [Michael Horowitz has pointed out](<http://blogs.computerworld.com/cybercrime-and-hacking/21664/understanding-new-security-java-7-update-11>) that performing the same steps on Windows 7 will result in unsigned Java applets executing without prompting in Internet Explorer, despite what the \"Security Level\" slider in the Java Control panel applet is configured to use. We have confirmed this behavior with Internet Explorer on both Windows 7 and Vista. Reinstalling Java appears to correct both of these situations. \n \nSystem administrators wishing to deploy Java 7 Update 10 or later with the \"Enable Java content in the browser\" feature disabled can invoke the Java installer with the `WEB_JAVA=0` command-line option. More details are available in the [Java documentation](<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#install>). \n \nAlternatively, Microsoft has released a [Fix it](<http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx>) that disables Java in the Internet Explorer web browser. \n \n**Restrict access to Java applets** \n \nNetwork administrators unable to disable Java in web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets. This may be accomplished by using proxy server rules, for example. 
Blocking or whitelisting web requests to `.jar` and `.class` files can help to prevent Java from being used by untrusted sources. Filtering requests that contain a Java User-Agent header may also be effective. For example, this technique can be used in environments where Java is required on the local intranet. The proxy can be configured to allow Java requests locally, but block them when the destination is a site on the internet. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nOracle Corporation| | -| 05 Mar 2013 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23688246 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C \nTemporal | 8.7 | E:H/RL:OF/RC:C \nEnvironmental | 9.4 | CDP:H/TD:H/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html>\n * <http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html#more>\n * <https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493>\n * <http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html>\n * <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html>\n * <http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx>\n\n### Credit\n\nOracle credits the following people or organizations for reporting security vulnerabilities addressed by this Security Alert to Oracle: an Anonymous Reporter of TippingPoint's Zero Day Initiative; axtaxt via TippingPoint's Zero Day Initiative; Darien Kindlund of FireEye; Vitaliy Toropov via iDefense; and Vitaliy Toropov via TippingPoint.\n\nThis document was written by Michael Orlando.\n\n### Other Information\n\n * CVE IDs: [CVE-2013-1493](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1493>) 
[CVE-2013-0809](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0809>)\n * Date Public: 04 Mar 2013\n * Date First Published: 05 Mar 2013\n * Date Last Updated: 14 Jun 2013\n * Document Revision: 23\n\n", "published": "2013-03-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.kb.cert.org/vuls/id/688246", "cvelist": ["CVE-2013-0809", "CVE-2013-0809", "CVE-2013-1493", "CVE-2013-1493", "CVE-2013-1493"], "lastseen": "2016-02-03T09:12:47"}], "gentoo": [{"id": "GLSA-201406-32", "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "published": "2014-06-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201406-32", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", 
"CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", 
"CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "lastseen": "2016-09-06T19:46:20"}, {"id": "GLSA-201401-30", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "published": "2014-01-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201401-30", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-2431", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-5889", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-5848", "CVE-2012-1711", "CVE-2013-1491", "CVE-2013-1571", "CVE-2013-5782", "CVE-2013-5846", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-0402", "CVE-2013-5818", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2416", "CVE-2013-2427", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1725", "CVE-2014-0385", "CVE-2013-2424", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-5778", "CVE-2013-2456", "CVE-2013-0448", "CVE-2014-0410", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-2462", "CVE-2013-0169", "CVE-2014-0415", "CVE-2013-2414", 
"CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2013-5870", "CVE-2013-2421", "CVE-2012-3159", "CVE-2013-1518", "CVE-2013-5776", "CVE-2012-5087", "CVE-2013-5788", "CVE-2013-5905", "CVE-2013-0809", "CVE-2013-5904", "CVE-2013-5888", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-5893", "CVE-2013-5842", "CVE-2014-0387", "CVE-2012-5085", "CVE-2012-5076", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-4416", "CVE-2013-5898", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-5832", "CVE-2012-3136", "CVE-2013-1488", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2014-0375", "CVE-2012-5081", "CVE-2012-5067", "CVE-2013-5817", "CVE-2012-0503", "CVE-2012-3174", "CVE-2011-5035", "CVE-2013-2419", "CVE-2012-1723", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-5787", "CVE-2013-5852", "CVE-2012-1726", "CVE-2014-0418", "CVE-2013-0351", "CVE-2013-2465", "CVE-2014-0373", "CVE-2013-1537", "CVE-2013-3743", "CVE-2013-5854", "CVE-2012-0498", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5887", "CVE-2012-0506", "CVE-2014-0408", "CVE-2013-5825", "CVE-2012-1717", "CVE-2012-1721", "CVE-2014-0376", "CVE-2013-2423", "CVE-2014-0422", "CVE-2013-5789", "CVE-2014-0411", "CVE-2013-2439", "CVE-2013-1561", "CVE-2013-5823", "CVE-2013-0409", "CVE-2013-5895", "CVE-2013-0438", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2013-2428", "CVE-2012-5083", "CVE-2013-5843", "CVE-2012-5088", "CVE-2013-5899", "CVE-2013-2429", "CVE-2013-5812", "CVE-2013-5849", "CVE-2012-5086", "CVE-2013-5896", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2012-5077", "CVE-2013-1486", "CVE-2014-0417", "CVE-2013-5780", "CVE-2013-5910", "CVE-2013-1487", "CVE-2013-5906", "CVE-2013-0430", "CVE-2013-0445", "CVE-2012-5069", "CVE-2014-0428", "CVE-2012-3216", "CVE-2014-0382", "CVE-2012-0505", "CVE-2013-5824", "CVE-2012-5084", "CVE-2013-5831", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2434", "CVE-2013-2464", 
"CVE-2013-2458", "CVE-2012-3213", "CVE-2013-2459", "CVE-2012-5071", "CVE-2013-5814", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-2432", "CVE-2012-1722", "CVE-2014-0368", "CVE-2013-2443", "CVE-2014-0423", "CVE-2013-1481", "CVE-2013-5775", "CVE-2013-2446", "CVE-2012-0547", "CVE-2013-5829", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-2438", "CVE-2013-1540", "CVE-2012-0500", "CVE-2013-2467", "CVE-2013-5907", "CVE-2013-1493", "CVE-2013-5902", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-3744", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-5844", "CVE-2013-0437", "CVE-2012-4681", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2012-0504", "CVE-2013-2426", "CVE-2014-0424", "CVE-2013-2455", "CVE-2013-5819", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-1484", "CVE-2013-1564", "CVE-2013-1558", "CVE-2013-5774", "CVE-2012-1724", "CVE-2013-0422", "CVE-2012-5068", "CVE-2014-0403", "CVE-2013-3829", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-0502", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-2425", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-1569", "CVE-2013-5838", "CVE-2013-2412", "CVE-2013-0449", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2013-5801", "CVE-2014-0416", "CVE-2013-2449", "CVE-2013-2466", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-0423", "CVE-2013-5772", "CVE-2013-0419"], "lastseen": "2016-09-06T19:46:14"}], "zdi": [{"id": "ZDI-13-148", "type": "zdi", "title": "Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within AWT mediaLib. 
The specific issue lies in the handling of width and height values. The width and height are multiplied against one value when allocating a buffer but are multiplied against another value when copying data into the buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2013-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-148", "cvelist": ["CVE-2013-0809"], "lastseen": "2016-11-09T00:17:48"}, {"id": "ZDI-13-022", "type": "zdi", "title": "Oracle Java AWT Image Transform Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the Java AWT Image Transform library functions. For certain image transformation functions, Java fails to take the 'numBands' into account during the allocation of heap memory and instead uses a static value of 0x4. The allocated memory is later written to inside a loop that uses the 'numBands' value which can result in a memory corruption. This can lead to remote code execution under the context of the current process.", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-022", "cvelist": ["CVE-2013-1480"], "lastseen": "2016-11-09T00:17:54"}, {"id": "ZDI-13-010", "type": "zdi", "title": "Oracle Java PV_ProcessSampleWithSMOD Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the way the Java sound libraries parse Soundbank files. Due to a signed comparison check, it is possible to cause an out-of-bounds read on an array of function pointers. This could lead to remote code execution under the context of the process.", "published": "2013-02-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-010", "cvelist": ["CVE-2013-1481"], "lastseen": "2016-11-09T00:17:57"}, {"id": "ZDI-13-149", "type": "zdi", "title": "Oracle Java cmmColorConvert Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the sun.java2d.cmm.kcms.CMM.cmmColorConvert's native function. The issue lies in the handling of the destCMMImageLayout argument, which is not properly validated before being used. By manipulating the function's arguments an attacker can force an integer overflow to occur before indexing into an array. 
An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2013-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-149", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-11-09T00:18:15"}, {"id": "ZDI-13-142", "type": "zdi", "title": "Oracle Java Image ColorConvert Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the native code for initImageLayouts. Buffer overflows exist such that a remote attacker can create a custom image class that can leverage these vulnerabilities to execute code under the context of the user running the process.", "published": "2013-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-142", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-11-09T00:18:00"}], "threatpost": [{"id": "ATTACKERS-BEAT-JAVA-DEFAULT-SECURITY-SETTINGS-SOCIAL-ENGINEERING-030513/77586", "type": "threatpost", "title": "Attackers Beat Java Default Security Settings with Social Engineering", "description": "Oracle\u2019s new security model for Java, in place since the release of Java 7 update 11, is under serious fire now that attackers have demonstrated in the wild how to bypass the updated controls with the help of social engineering.\n\nIn 7U11, [Oracle changed the default security setting in Java from Medium to High](<http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html>), preventing unsigned Java Web applications from executing automatically; users are 
warned before unsigned applets run, a move intent on preventing silent exploitation, Oracle said.\n\n### Related Posts\n\n#### [Broken 2013 Java Patch Leads to Sandbox Bypass](<https://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/> \"Permalink to Broken 2013 Java Patch Leads to Sandbox Bypass\" )\n\nMarch 14, 2016 , 9:24 am\n\n#### [Oracle Settles with FTC Over \u2018Deceptive\u2019 Java Security Updates](<https://threatpost.com/oracle-settles-with-ftc-over-deceptive-java-security-updates/115689/> \"Permalink to Oracle Settles with FTC Over \u2018Deceptive\u2019 Java Security Updates\" )\n\nDecember 22, 2015 , 8:39 am\n\n#### [Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes](<https://threatpost.com/custom-google-app-engine-tweak-still-leads-to-java-sandbox-escapes/115132/> \"Permalink to Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes\" )\n\nOctober 22, 2015 , 9:06 am\n\nYesterday, a Java exploit was found on a German online dictionary compromised by the g01pack Exploit Kit, researcher [Eric Romang](<http://eromang.zataz.com/2013/03/05/when-a-signed-java-jar-file-is-not-proof-of-trust/>) said. The attack pretends to be a signed ClearWeb Security Update from Clearsult Consulting Inc., a legitimate Texas consultancy. The dialog box presented to the user spoofs the conventions used by the Oracle/Java dialog box that a user would see for a trusted signed Java applet, which encourages the user to trust the applet and run the executable. The dialog box for an untrusted applet has much sterner language, warning that a digital signature could not be verified.\n\nSavvy users who might be inclined to click More Information and Certificate Details tabs presented by the dialog box associated with the malicious applet would see more social engineering regarding the trustworthiness of the Java app. 
So while the applet did not automatically execute, attackers are trying the next best avenue to exploit it with convincing language hoping the user executes the applet for them.\n\nThe kicker in this case, according to Romang, is that the certificate used in the attack was signed with a stolen private key and the certificate was revoked by GoDaddy on Dec. 7, according to Avast security researcher Jindrich Kubec.\n\n\u201cSigning and verifying files is [such] an important part of the Java platform\u2019s security architecture, that Jarsigner validates the file despite the [fact] the certificate is revoked,\u201d Romang wrote in a blogpost.\n\nAttackers using stolen certificates to sign malware is nothing new, but given the current Java security model, it\u2019s now difficult to trust any certificate.\n\n\u201cBoth self-signed and signed [certificates] produce different dialogs; the signed one, together with social engineering can convince a user that something quite legitimate is happening,\u201d Kubec told Threatpost. \u201cAnd, both signed and self-signed, after the user\u2019s click, now have full access to the computer, without any need of exploit.\u201d\n\nOracle introduced its new security levels in Java 7U10, ranging from Custom, where security settings can be set based on user\u2019s needs, all the way to Very High, where Oracle said users will be prompted before any Java application runs in the browser. In 7U11, the default security setting was set to High.\n\nAs for the GoDaddy certificate used in the attack, the GoDaddy Certificate Authority listed a revocation date of Dec. 7, the date from which it should be considered invalid. The certificate was revoked on Feb. 25, but the first malware sample was snared Feb. 28.\n\nThe root issue, he said, lies in the default settings in place in the Java Control Panel. Signed applications and self-signed applications both are granted elevated privileges by default. 
And worse, Certificate Revocation List checking is off by default as is the ability to enable online certificate validation.\n\n\u201cI really don\u2019t know what these guys are thinking,\u201d Kubec said of Oracle. \u201cThey give people the tool to shoot themselves in the foot very effectively.\u201d\n\nYesterday, meanwhile, [Oracle rushed an emergency Java update, 7U17](<https://threatpost.com/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413/>) to patch zero-day vulnerabilities CVE-2013-1493 and CVE-2013-0809; the former was discovered last week being exploited in the wild in Java 6 update 41 through Java 7 update 15. In 7U17, the certificate revocation list checking remains off by default, meaning users will have to wait likely until April for the next scheduled Java security update for a possible change.\n\nThe news of the release of Java 7 Update 17 came hours after reports surfaced that [additional vulnerabilities in Java](<https://threatpost.com/prompted-oracle-rejection-researcher-finds-five-new-java-sandbox-vulnerabilities-030413/>) were discovered by researchers at Security Explorations of Poland. That firm said it has reported seven Java vulnerabilities to Oracle since Feb. 25, none of which were addressed in yesterday\u2019s update.\n\nThe new vulnerabilities are related to the Java Reflection API that would allow an attacker to bypass the Java security sandbox. [Two bugs were reported to Oracle on Feb. 
25](<https://threatpost.com/two-more-java-zero-days-found-polish-research-team-022513/>), one of which Oracle confirmed as a vulnerability, the other it refused to, calling it \u201callowed behavior,\u201d the company said, adding that it provided Oracle with code samples proving the \u201callowed behavior\u201d is not allowed in Java SE.", "published": "2013-03-05T17:27:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/attackers-beat-java-default-security-settings-social-engineering-030513/77586/", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-04T20:50:02"}, {"id": "ORACLE-RUSHES-EMERGENCY-JAVA-UPDATE-PATCH-MCRAT-VULNERABILITIES-030413/77584", "type": "threatpost", "title": "Oracle Rushes Emergency Java Update to Patch McRAT Vulnerabilities", "description": "Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today\u2019s update patches CVE-2013-1493 and CVE-2013-0809, the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15.\n\nThe vulnerability allows for arbitrary memory execution in the Java virtual machine process; attackers exploiting the flaw were able to download the McRAT remote access Trojan. McRAT, as it turns out, is not a reliable exploit, experts at [FireEye](<http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html>) said last week, adding that the executable tries to overwrite a large memory chunk and does crash the JVM. If the executable does successfully install itself, it reaches out to a command and control server at 110.173.55.187 for more instructions. 
This is the same C2 server used in the attack on security company Bit9, FireEye said last week.\n\n### Related Posts\n\n#### [Oracle EBusiness Suite \u2018Massive\u2019 Attack Surface Assessed](<https://threatpost.com/oracle-ebusiness-suite-massive-attack-surface-assessed/119638/> \"Permalink to Oracle EBusiness Suite \u2018Massive\u2019 Attack Surface Assessed\" )\n\nAugust 3, 2016 , 10:14 pm\n\n#### [Oracle Releases Record Number of Security Patches](<https://threatpost.com/oracle-releases-record-number-of-security-patches/115957/> \"Permalink to Oracle Releases Record Number of Security Patches\" )\n\nJanuary 20, 2016 , 2:32 pm\n\n#### [Oracle Settles with FTC Over \u2018Deceptive\u2019 Java Security Updates](<https://threatpost.com/oracle-settles-with-ftc-over-deceptive-java-security-updates/115689/> \"Permalink to Oracle Settles with FTC Over \u2018Deceptive\u2019 Java Security Updates\" )\n\nDecember 22, 2015 , 8:39 am\n\nOracle said [CVE-2013-1493](<http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html>) was reported Feb. 1, too late to be included in its Feb. 19 Critical Patch Update for Java, and originally intended to sit on the fix until the next scheduled Java fix April 16.\n\n\u201cIn light of the reports of active exploitation of CVE-2013-1493, and in order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible,\u201d Oracle\u2019s Eric P. Maurice wrote in the company\u2019s [advisory](<https://blogs.oracle.com/security/entry/security_alert_cve_2013_1493>) today.\n\nBoth vulnerabilities are remotely exploitable and were given Oracle\u2019s highest criticality score.\n\n\u201cBoth vulnerabilities affect the 2D component of Java SE. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications,\u201d Oracle\u2019s Maurice wrote. 
\u201cThey also do not affect Oracle server-based software.\u201d\n\nThe news of the release of Java 7 Update 17 came hours after reports surfaced that [additional vulnerabilities in Java](<https://threatpost.com/prompted-oracle-rejection-researcher-finds-five-new-java-sandbox-vulnerabilities-030413/>) were discovered by researchers at Security Explorations of Poland. That firm said it has reported seven Java vulnerabilities to Oracle since Feb. 25, none of which were addressed in today\u2019s update.\n\nResearcher Adam Gowdiak found a handful of new vulnerabilities related to the Java Reflection API that would allow an attacker to bypass the Java security sandbox. [Gowdiak reported two bugs on Feb. 25](<https://threatpost.com/two-more-java-zero-days-found-polish-research-team-022513/>), one of which Oracle confirmed as a vulnerability, the other it refused to, calling it \u201callowed behavior,\u201d the researcher said.\n\nGowdiak said his company provided Oracle with code samples proving the \u201callowed behavior\u201d is not allowed in Java SE.\n\n\u201cThe codes we delivered to Oracle trigger real security exceptions in a response to the attempt to gain same access as the one abused by Issue 54,\u201d he told Threatpost. 
\u201cWe\u2019ve also found evidence in Oracle\u2019s own Java SE docs that contradicts the company\u2019s claims.\u201d", "published": "2013-03-04T22:37:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413/77584/", "cvelist": ["CVE-2013-0809", "CVE-2013-1493"], "lastseen": "2016-09-04T20:50:05"}, {"id": "ORACLE-PATCHES-CRITICAL-JAVA-FLAWS-7U15-021913/77543", "type": "threatpost", "title": "Oracle Patches Critical Java Flaws in 7u15", "description": "[](<https://threatpost.com/oracle-patches-critical-java-flaws-7u15-021913/>)On a day when Java zero day exploits were fingered in attacks against Apple, Facebook and Twitter, Oracle released the remainder of its quarterly security patch updates for the Java platform.\n\n[Five vulnerabilities were patched in Java 7 Update 15 today](<http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html>), all of them remotely exploitable, and three of them rated of the highest criticality by Oracle.\n\n### Related Posts\n\n#### [Oracle EBusiness Suite \u2018Massive\u2019 Attack Surface Assessed](<https://threatpost.com/oracle-ebusiness-suite-massive-attack-surface-assessed/119638/> \"Permalink to Oracle EBusiness Suite \u2018Massive\u2019 Attack Surface Assessed\" )\n\nAugust 3, 2016 , 10:14 pm\n\n#### [Broken IBM Java Patch Prompts Another Disclosure](<https://threatpost.com/broken-ibm-java-patch-prompts-another-disclosure/117369/> \"Permalink to Broken IBM Java Patch Prompts Another Disclosure\" )\n\nApril 13, 2016 , 11:30 am\n\n#### [Emergency Java Patch Re-Issued for 2013 Vulnerability](<https://threatpost.com/emergency-java-patch-re-issued-for-2013-vulnerability/116967/> \"Permalink to Emergency Java Patch Re-Issued for 2013 Vulnerability\" )\n\nMarch 24, 2016 , 12:05 pm\n\nToday\u2019s fixes come 19 days after Oracle accelerated its regularly 
scheduled patch release to Feb. 1. That was in response to a [zero-day exploit](<https://threatpost.com/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013/>) discovered Jan. 9 in a number of popular exploit kits; the exploits bypassed the Java sandbox. An emergency Java update was released Jan. 17, but it was incomplete, according to a number of researchers who were still able to [bypass the sandbox](<https://threatpost.com/latest-java-update-broken-two-new-sandbox-bypass-flaws-found-011813/>) security protections innate to the platform.\n\nThe three most severe vulnerabilities (CVE-2013-1487, CVE-2013-1486 and CVE-2013-1484) apply only to client deployments of Java, Oracle said.\n\n\u201cThis vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets,\u201d Oracle said in its advisory, adding that both run in the sandbox with limited privileges. \u201cDue to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible.\u201d\n\nApple, meanwhile, has pushed out a new version of Java 6 for Mac OS X users that removes the Java plug-in, forcing users to go to Oracle for Java downloads if so desired. The move is in response to a breach disclosure today from Apple, which admitted a number of [Mac machines belonging to Apple employees were compromised by Java exploits](<https://threatpost.com/apple-breached-facebook-hackers-using-java-exploit-021913/>). Apple said the attackers were the same group who hacked Facebook, which admitted a similar breach last Friday, and Twitter, which did likewise on Feb. 
1.", "published": "2013-02-19T22:30:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/oracle-patches-critical-java-flaws-7u15-021913/77543/", "cvelist": ["CVE-2013-1486", "CVE-2013-1487", "CVE-2013-1484"], "lastseen": "2016-09-04T20:44:55"}, {"id": "JAVA-ZERO-DAY-PROCESSION-CONTINUES-030113/77575", "type": "threatpost", "title": "The Java Zero-Day Procession Continues", "description": "After a glorious 72-hour stretch without one, security researchers confirmed yesterday that they found [yet another zero-day vulnerability](<https://threatpost.com/two-more-java-zero-days-found-polish-research-team-022513/>) in Oracle\u2019s thoroughly troubled Java platform.\n\nWith a little help from Hermes Bojaxhi and his team at [Cyber Engineering Services](<http://www.cyberesi.com/>), researchers from the security firm FireEye [found](<http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html>) that attackers have successfully exploited this latest zero-day vulnerability in the wild, compromising the machines of users running browsers with Java six update 41 and Java seven update 15.\n\n### Related Posts\n\n#### [Threatpost News Wrap, August 19, 2016](<https://threatpost.com/threatpost-news-wrap-august-19-2016/120003/> \"Permalink to Threatpost News Wrap, August 19, 2016\" )\n\nAugust 19, 2016 , 9:00 am\n\n#### [Breach Forces Password Change on Oracle MICROS PoS Customers](<https://threatpost.com/breach-forces-password-change-on-oracle-micros-pos-customers/119754/> \"Permalink to Breach Forces Password Change on Oracle MICROS PoS Customers\" )\n\nAugust 8, 2016 , 5:21 pm\n\n#### [Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update](<https://threatpost.com/oracle-patches-record-276-vulnerabilities-with-july-critical-patch-update/119373/> \"Permalink to Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update\" )\n\nJuly 20, 2016 , 9:21 
am\n\nFireEye researchers Darien Kindlund and Yichong Lin claim that this vulnerability is different from the seemingly endless parade of Java zero-days that precede it. A security manager could pretty easily disable the other vulnerabilities, Kindlund and Lin explain. This one, on the other hand, allows for arbitrary memory reading and writing in the Java Virtual Machine (JVM) process.\n\nThe exploit is compromising browsers by targeting JVM\u2019s internal data structure, overwriting the memory there to zero in order to download a McRAT executable.\n\nThe exploit is apparently not all that reliable due to the large amount of data it attempts to overwrite. In most cases, Kindlund and Lin are watching JVM crash as it attempts, but ultimately fails, to download the McRAT executable. However, when the payload installs successfully, it reaches out to its command and control server with an HTTP request and starts copying itself into the dynamic link library.\n\nMcRAT is also performing the following pair of registry modifications: \u201cREGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Services\\AppMgmt\\Parameters\u201dServiceDll\u201d = C:\\Documents and Settings\\admin\\AppMgmt.dll\u201d and \u201cREGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Services\\AppMgmt\\Parameters\u201dServiceDll\u201d = %SystemRoot%\\System32\\appmgmts.dll.\u201d\n\nFireEye notified Oracle about the bug before publication and is urging users to disable Java in their browsers or set their Java security settings to \u201chigh\u201d and avoid the execution of unknown Java applets until a patch is shipped. 
Oracle has since assigned a common vulnerability entry to the flaw: CVE-2013-1493.\n\nIt\u2019s been a turbulent couple of months for Java as an absolute torrent of zero-day vulnerabilities has researchers seriously considering [disabling Oracle\u2019s nearly ubiquitous platform altogether](<https://threatpost.com/its-time-abandon-java-012113/>).", "published": "2013-03-01T16:34:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/java-zero-day-procession-continues-030113/77575/", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-09-04T20:50:14"}, {"id": "MALICIOUS-ADS-INFECT-65-WEBSITES-DROP-ZEROACCESS-TROJAN/101028", "type": "threatpost", "title": "65 Sites Compromised in ZeroAccess Trojan Attacks", "description": "As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites.\n\nWhile the sites aren\u2019t topically related, they\u2019re all hosting advertisements injected with malicious code hosted on googlecodehosting[.]com, googlecodehosting[.]org and googlecodehosting[.]net, all of which resolve to the same IP address, security company Zscaler said. 
The IP is currently offline.\n\n### Related Posts\n\n#### [Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down](<https://threatpost.com/malvertising-campaign-pushing-neutrino-exploit-kit-shut-down/120322/> \"Permalink to Malvertising Campaign Pushing Neutrino Exploit Kit Shut Down\" )\n\nSeptember 1, 2016 , 2:46 pm\n\n#### [AdGholas Malvertising Campaign Leveraged Steganography, Filtering](<https://threatpost.com/adgholas-malvertising-campaign-leveraged-steganography-filtering/119571/> \"Permalink to AdGholas Malvertising Campaign Leveraged Steganography, Filtering\" )\n\nJuly 29, 2016 , 1:57 pm\n\n#### [Mac Adware OSX.Pirrit Unleashes Ad Overload, For Now](<https://threatpost.com/mac-adware-osx-pirrit-unleashes-ad-overload-for-now/117273/> \"Permalink to Mac Adware OSX.Pirrit Unleashes Ad Overload, For Now\" )\n\nApril 7, 2016 , 5:55 pm\n\nThe ads were delivered by openxadvertising[.]com, which Google SafeBrowsing is blocking, Zscaler said. The attacks are exploiting two Java vulnerabilities [CVE-2013-1493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493>) and [CVE-2013-2423](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2423>), both of which are being used to drop [the ZeroAccess Trojan](<http://threatpost.com/zeroaccess-botnet-cashing-click-fraud-and-bitcoin-mining-103012/>) on affected machines, Zscaler said.\n\nZeroAccess is financial malware that deals in click-fraud, Bitcoin theft and includes rootkit capabilities that help it avoid detection from security software. It\u2019s spread primarily through a number of botnets, including [peer-to-peer botnets](<http://threatpost.com/peer-to-peer-botnets-resilient-to-takedown-attempts/>).\n\nGovernment Security News reported this week that its site had been compromised and that Google was warning visitors of malware on the site. 
GSN covers government-related IT and physical security issues.\n\n\u201cAt first, _GSN_ thought we were a random victim of a cyber-attack with no specific target. Alternatively, we thought we might have been a specific target of what is sometimes called a \u201cspear-fishing attack,\u201d aimed at a single company or organization,\u201d a post on the website said. \u201cBut during the course of Monday, June 17, we learned from a respected malware detection company that its cyber-attack technical experts had encountered the same attack several times in recent days, each aimed at a different media company. One attack was aimed at a radio station in Washington, DC; another was targeted at a public affairs-oriented news organization.\u201d\n\nRadio station WTOP and Federal News Radio, in addition to the Free Beacon website, have been compromised in attacks starting in early May. All of the attacks are similar in that malicious javascript is injected onto the site that redirects visitors to sites hosting more malware.\n\nGSN said its site was clean by late Monday.\n\nZscaler said the previous attacks on media sites were hosted at dynamic DNS providers and the attacks are triggered only when it detects the user is visiting via Internet Explorer. Zscaler also identified three other media sites as compromised: The Christian Post, Real Clear Science and Real Clear Policy.\n\nThe attacks were tagged watering hole attacks by experts; in watering hole attacks, sites of common interest to the target are infected and visitors are redirected to malware. 
Some watering hole attacks against government websites or human rights organizations have led to malware that monitors a user\u2019s activities online, while other attacks are financially motivated.", "published": "2013-06-19T16:05:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/malicious-ads-infect-65-websites-drop-zeroaccess-trojan/101028/", "cvelist": ["CVE-2013-2423", "CVE-2013-1493"], "lastseen": "2016-09-04T20:50:51"}, {"id": "IE-8-ZERO-DAY-POPS-UP-IN-TARGETED-ATTACKS-AGAINST-KOREAN-MILITARY-SITES/100728", "type": "threatpost", "title": "IE 8 0Day in Sunshop Targeted Espionage Malware Campaign", "description": "Lady Boyle seems to have an admirer.\n\nMalware named after a character in the Dishonored video game continues to pop up in targeted attacks against a number of high profile military and socially motivated websites. The latest surfaced about 10 days ago in an attack researchers at FireEye are calling the Sunshop Campaign.\n\n### Related Posts\n\n#### [ShadowBrokers\u2019 Leak Has \u2018Strong Connection\u2019 to Equation Group](<https://threatpost.com/shadowbrokers-leak-has-strong-connection-to-equation-group/119941/> \"Permalink to ShadowBrokers\u2019 Leak Has \u2018Strong Connection\u2019 to Equation Group\" )\n\nAugust 17, 2016 , 7:30 am\n\n#### [Attributing Advanced Attacks Remains Challenge For Researchers](<https://threatpost.com/attributing-advanced-attacks-remains-challenge-for-researchers/119508/> \"Permalink to Attributing Advanced Attacks Remains Challenge For Researchers\" )\n\nJuly 27, 2016 , 12:27 pm\n\n#### [Congressional Report: China Hacked FDIC And Agency Covered It Up](<https://threatpost.com/congressional-report-china-hacked-fdic-and-agency-covered-it-up/119276/> \"Permalink to Congressional Report: China Hacked FDIC And Agency Covered It Up\" )\n\nJuly 13, 2016 , 4:23 pm\n\nSunshop targeted a number of Korean military and political strategy 
websites, as well as a Uyghur forum among others with a pair of Java exploits and the recently [patched IE 8 vulnerability](<https://technet.microsoft.com/en-us/security/bulletin/ms13-038>) recently used against the U.S. Department of Labor and a number of other sites. The exploits were redirecting vulnerable visitors to sunshop[.]com[.]tw where a host of malware awaits including Lady Boyle, which has been deployed in other [attacks against the Uyghur](<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&ved=0CFcQFjAF&url=http%3A%2F%2Fthreatpost.com%2Fmalware-arsenal-targets-tibetan-activists-040213%2F&ei=V7ybUZhgq7PRAdzagfAD&usg=AFQjCNGKZ8xrkJiBv_H9dqZlQdevNV6PgQ&sig2=E2KLpJnzNz4LttVm7aPl_A&bvm=bv.46865395,d.dmQ>), in particular, and in the [Winnti attacks](<http://threatpost.com/stolen-winnti-certificates-used-watering-hole-attack-against-tibet-orphans-site-041213/>).\n\n\u201cA number of different Chinese-based espionage threat attackers use that malware, so it\u2019s hard to use that indicator alone to tie it to one particular threat actor,\u201d said Ned Moran, a researcher at FireEye. \u201cAt least 5 different groups are using that malware. It\u2019s a popular tool used by intrusion actors.\n\n\u201cBased on the sites compromised, there was a clear focus on Korean security and defense related issues,\u201d Moran said. \u201cThe attackers are looking for data around the Korean defense posture.\u201d\n\nThe group behind Sunshop was also behind a 2010 attack on the Nobel Prize website that took advantage of a zero-day in Firefox, FireEye said.\n\nThese attacks can be considered watering hole attacks since all the sites are popular with influential targets and have javascript exploits that redirect victims to espionage-type malware.\n\n\u201cThese sites are well trafficked and the attackers have a strong sense of the audiences of these sites,\u201d Moran said. 
\u201cThey compromise the sites and wait for traffic to come to them.\u201d\n\nThe Lady Boyle malware, which is a remote access Trojan, is being served from three different command and control servers in the Sunshop attacks. IE8 users who land on the compromised site are hit with an exploit for [CVE-2013-1347](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347>) pulled in from hk[.]sz181[.]com connected to a C&C server at dns[.]homesvr[.]tk. The two Java exploits, meanwhile, exploit [CVE-2013-2423](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2423>) and [CVE-2013-1493](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1493>), both of which have been patched. All of the command and control servers, FireEye said, resolved to 58[.]64[.]205[.]53, used by another domain used to drop Briba malware, also known as the [IExplore RAT](<https://citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf>) targeting NGOs.\n\n\u201cThis is a traditional RAT type of malware that provides access to a machine, runs commands, downloads victim data or uploads new executables to the victim, or runs shell commands,\u201d Moran said. In our experience, we have not seen it used outside this small set of intrusion actors; it\u2019s not commercially available. 
Whenever we see it, it tends to show up in these types of attacks, strategic espionage attacks.\u201d\n\nFireEye researchers also discovered a connection between the Sunshop[.]com[.]tw host and the PoisonIvy RAT used in a number of other targeted attacks.\n\n\u201cThat was the first time [Sunshop] was used as an exploit server; it\u2019s been in play for a few months,\u201d Moran said.", "published": "2013-05-21T14:40:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/ie-8-zero-day-pops-up-in-targeted-attacks-against-korean-military-sites/100728/", "cvelist": ["CVE-2013-2423", "CVE-2013-1347", "CVE-2013-1493"], "lastseen": "2016-09-04T20:53:36"}, {"id": "COUNTER-PHP-FOUND-REDIRECTING-TO-SITES-PEDDLING-STYX-EXPLOIT-KIT/101967", "type": "threatpost", "title": "Counter.php Redirecting to Sites Peddling Styx Exploit Kit", "description": "The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit.\n\nAccording to [a post on Securelist today](<http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php#page_top>), Vicente Diaz, a researcher with Kaspersky Lab, discovered counter.php while looking into some of the more popular Web attacks in Spain during the past three months. 
One bit of code in particular, Trojan.JS.iframe.aeq, jumped out at him.\n\n### Related Posts\n\n#### [Threatpost News Wrap, September 2, 2016](<https://threatpost.com/threatpost-news-wrap-september-2-2016/120332/> \"Permalink to Threatpost News Wrap, September 2, 2016\" )\n\nSeptember 2, 2016 , 9:00 am\n\n#### [Inside the Demise of the Angler Exploit Kit](<https://threatpost.com/inside-the-demise-of-the-angler-exploit-kit/120222/> \"Permalink to Inside the Demise of the Angler Exploit Kit\" )\n\nAugust 30, 2016 , 2:25 pm\n\n#### [Wildfire Ransomware Campaign Disrupted](<https://threatpost.com/wildfire-ransomware-campaign-disrupted/120095/> \"Permalink to Wildfire Ransomware Campaign Disrupted\" )\n\nAugust 24, 2016 , 12:57 pm\n\nAt the end of that source code was counter.php, a malicious redirect that uses an iFrame that initially began popping up in Japan and Spain in [February and March](<http://michajp.blogspot.jp/2013/03/malicious-counterphp.html>) of this year.\n\nCounter.php in turn led Diaz to stumble upon a site passing out the Styx exploit kit, a pricey $3,000 toolkit that enjoyed its peak of popularity earlier this spring.\n\nThanks to a relatively new botnet named [Fort Disco](<http://threatpost.com/fort-disco-brute-force-attack-campaign-targets-cms-websites/101723>), researchers found a PHP-redirector earlier this month that also sent victims to sites hosting Styx, suggesting the malicious sites in both situations are one and the same.\n\nAccording to Diaz the exploit kit runs a script function called PluginDetect to profile the victim and determine which version of Java the user is running. 
It then exploits one of a handful of \u2013 mostly Java \u2013 vulnerabilities:\n\n * \u201cjorg.html\u201d CVE-2013-0422\n * \u201cjlnp.html\u201d CVE-2013-2423\n * \u201cpdfx.html\u201d loads \u201cfnts.html\u201d CVE-2011-3402\n * \u201cjovf.html\u201d CVE-2013-1493\n * and downloads a .pdf file CVE-2010-0188\n\nDiaz goes on to describe how the sites passing out Styx may have gotten infected, suggesting their FTP accounts may have been compromised. After contacting the sites\u2019 corresponding hosting companies though, Diaz was able to glean a little more about the most recent iteration of counter.php.\n\nLooking at the functions and strings, \u201cwhen users are redirected to counter.php, then there is a second redirection to stat.php,\u201d a filter that helps the kit avoid reinfections and avoid signature detection.\n\n\u201cAs stat.php does not check that the parameter IP is the remote address, now we know how to create requests for getting samples from the exploit kit,\u201d Diaz said.\n\nIf all this wasn\u2019t enough, it goes on to install a dropper that downloads a fake antivirus or ZeroAccess Trojan to the infected machine, according to the blog post. 
Further analysis of that malware is forthcoming, but for Diaz\u2019s in-depth account on Counter.php and how he found the Styx kits, head [here](<http://www.securelist.com/en/blog/9151/Visit_from_an_old_friend_Counter_php#page_top>).", "published": "2013-08-12T14:52:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/counter-php-found-redirecting-to-sites-peddling-styx-exploit-kit/101967/", "cvelist": ["CVE-2011-3402", "CVE-2013-2423", "CVE-2010-0188", "CVE-2013-1493", "CVE-2013-0422"], "lastseen": "2016-09-04T20:45:38"}], "oracle": [{"id": "ORACLE:CPUOCT2012-1515893", "type": "oracle", "title": "Oracle Critical Patch Update - October 2012", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 109 new security fixes across the product families listed below.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. 
More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "published": "2012-10-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2012-5092", "CVE-2012-3175", "CVE-2012-3182", "CVE-2012-0518", "CVE-2012-3163", "CVE-2012-3166", "CVE-2012-3140", "CVE-2012-3176", "CVE-2012-3193", "CVE-2012-3144", "CVE-2012-1751", "CVE-2012-1685", "CVE-2012-0093", "CVE-2012-3199", "CVE-2012-3161", "CVE-2012-3160", "CVE-2012-3222", "CVE-2012-3223", "CVE-2012-0071", "CVE-2012-3181", "CVE-2012-3146", "CVE-2012-3147", "CVE-2012-3204", "CVE-2012-3148", "CVE-2012-5066", "CVE-2012-3156", "CVE-2012-5094", "CVE-2012-1763", "CVE-2012-3202", "CVE-2012-5085", "CVE-2012-3153", "CVE-2012-3164", "CVE-2012-3150", "CVE-2012-3214", "CVE-2012-3186", "CVE-2012-3151", "CVE-2012-0217", "CVE-2012-3180", "CVE-2012-3152", "CVE-2012-3167", "CVE-2012-5064", "CVE-2012-3149", "CVE-2012-5081", "CVE-2012-3197", "CVE-2012-3142", "CVE-2012-3207", "CVE-2012-5065", "CVE-2012-3173", "CVE-2012-3158", "CVE-2012-3206", "CVE-2012-3217", "CVE-2012-3210", "CVE-2012-3162", "CVE-2012-3201", "CVE-2012-3137", "CVE-2012-5083", "CVE-2012-0108", "CVE-2012-3209", "CVE-2012-3185", "CVE-2012-3154", "CVE-2012-5090", "CVE-2012-5093", "CVE-2012-0095", "CVE-2012-3227", "CVE-2012-0092", "CVE-2012-0086", "CVE-2012-3187", "CVE-2012-3141", "CVE-2012-5063", "CVE-2012-3194", "CVE-2012-3191", "CVE-2012-3224", "CVE-2012-3226", "CVE-2012-3215", "CVE-2012-3139", "CVE-2012-3188", "CVE-2012-3132", "CVE-2012-3138", "CVE-2012-3171", "CVE-2012-3228", "CVE-2012-3203", "CVE-2012-3200", "CVE-2012-3157", "CVE-2012-3145", "CVE-2012-0106", "CVE-2012-5061", "CVE-2012-3208", "CVE-2012-3183", "CVE-2012-3211", "CVE-2012-3205", "CVE-2012-1531", "CVE-2012-3195", "CVE-2012-3165", "CVE-2011-1411", "CVE-2012-5095", "CVE-2012-3184", "CVE-2012-3177", "CVE-2012-5091", "CVE-2012-3189", "CVE-2012-3229", 
"CVE-2012-3179", "CVE-2012-3225", "CVE-2012-3155", "CVE-2012-3221", "CVE-2012-3230", "CVE-2012-3196", "CVE-2012-1686", "CVE-2012-3198", "CVE-2012-0090", "CVE-2012-5058", "CVE-2012-0107", "CVE-2012-3212"], "lastseen": "2018-04-18T20:24:12"}], "freebsd": [{"id": "D5E0317E-5E45-11E2-A113-C48508086173", "type": "freebsd", "title": "java 7.x -- security manager bypass", "description": "\nUS CERT reports:\n\nJava 7 Update 10 and earlier versions of Java 7 contain a\n\t vulnerability that can allow a remote, unauthenticated\n\t attacker to execute arbitrary code on a vulnerable\n\t system.\nThe Java JRE plug-in provides its own Security Manager.\n\t Typically, a web applet runs with a security manager\n\t provided by the browser or Java Web Start plugin. Oracle's\n\t document states, \"If there is a security manager already\n\t installed, this method first calls the security manager's\n\t checkPermission method with a\n\t RuntimePermission(\"setSecurityManager\") permission to ensure\n\t it's safe to replace the existing security manager. This may\n\t result in throwing a SecurityException\".\nBy leveraging the vulnerability in the Java Management\n\t Extensions (JMX) MBean components, unprivileged Java code\n\t can access restricted classes. By using that vulnerability\n\t in conjunction with a second vulnerability involving the\n\t Reflection API and the invokeWithArguments method of the\n\t MethodHandle class, an untrusted Java applet can escalate\n\t its privileges by calling the the setSecurityManager()\n\t function to allow full privileges, without requiring code\n\t signing. Oracle Java 7 update 10 and earlier Java 7 versions\n\t are affected. The invokeWithArguments method was introduced\n\t with Java 7, so therefore Java 6 is not affected.\nThis vulnerability is being attacked in the wild, and is\n\t reported to be incorporated into exploit kits. Exploit code\n\t for this vulnerability is also publicly available.\n\nEsteban Guillardoy from Immunity Inc. 
additionally clarifies\n\t on the recursive reflection exploitation technique:\n\nThe real issue is in the native\n\t sun.reflect.Reflection.getCallerClass method.\nWe can see the following information in the Reflection\n\t source code:\nReturns the class of the method realFramesToSkip frames\n\t up the stack (zero-based), ignoring frames associated with\n\t java.lang.reflect.Method.invoke() and its\n\t implementation.\nSo what is happening here is that they forgot to skip the\n\t frames related to the new Reflection API and only the old\n\t reflection API is taken into account.\n\nThis exploit does not only affect Java applets, but every\n\t piece of software that relies on the Java Security Manager for\n\t sandboxing executable code is affected: malicious code can\n\t totally disable Security Manager.\nFor users who are running native Web browsers with enabled\n\t Java plugin, the workaround is to remove the java/icedtea-web\n\t port and restart all browser instances.\nFor users who are running Linux Web browser flavors, the\n\t workaround is either to disable the Java plugin in browser\n\t or to upgrade linux-sun-* packages to the non-vulnerable\n\t version.\nIt is not recommended to run untrusted applets using\n\t appletviewer, since this may lead to the execution of the\n\t malicious code on vulnerable versions on JDK/JRE.\n", "published": "2013-01-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/d5e0317e-5e45-11e2-a113-c48508086173.html", "cvelist": ["CVE-2013-0433"], "lastseen": "2016-09-26T17:24:33"}], "seebug": [{"id": "SSV:60629", "type": "seebug", "title": "Oracle Java SE JMX\u5b50\u7ec4\u4ef6\u8fdc\u7a0bJRE\u6f0f\u6d1e(CVE-2013-0450)", "description": "BUGTRAQ ID: 57703\r\nCVE(CAN) ID: CVE-2013-0450\r\n\r\nOracle Java Runtime Environment 
(JRE)\u662f\u4e00\u6b3e\u4e3aJAVA\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u53ef\u9760\u8fd0\u884c\u73af\u5883\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nJava Runtime Environment\u7ec4\u4ef6\u7684JMX\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u672a\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5f71\u54cd\u5176\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u3001\u53ef\u7528\u6027\u3002\r\n0\r\nOracle Sun JRE <= JavaFX 2.2.4\r\nOracle Sun JRE <= 7 Update 11\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOracle\r\n------\r\nOracle\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08javacpufeb2013verbose-1841196\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\njavacpufeb2013verbose-1841196\uff1aText Form of Oracle Java SE Critical Patch Update - February 2013 Risk Matrices\r\n\u94fe\u63a5\uff1ahttp://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html", "published": "2013-02-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-60629", "cvelist": ["CVE-2013-0450"], "lastseen": "2017-11-19T17:46:39"}, {"id": "SSV:60997", "type": "seebug", "title": "IBM Security AppScan Enterprise \u5f31\u5bc6\u7801\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e(CVE-2013-0531)", "description": "BUGTRAQ ID: 62179\r\nCVE(CAN) ID: CVE-2013-0531\r\n\r\nIBM Securityl AppScan Enterprise \u662f\u4e00\u4e2a\u57fa\u4e8eWeb \u7684\u591a\u7528\u6237Web \u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u89e3\u51b3\u65b9\u6848\uff0c\u63d0\u4f9b\u96c6\u4e2d\u7684\u5b89\u5168\u6027\u626b\u63cf\u3001\u6570\u636e\u5408\u5e76\u548c\u62a5\u544a\u3001\u8865\u6551\u529f\u80fd\u3001\u6267\u884c\u4eea\u8868\u677f\u7b49\u529f\u80fd\r\n\r\nIBM Security AppScan Enterprise (\u5373\u4e4b\u524d\u7684IBM Rational AppScan Enterprise) 
\u652f\u6301\u4f7f\u7528\u5f31\u52a0\u5bc6\u7b97\u6cd5\u7684SSL\u5957\u4ef6\uff0c\u653b\u51fb\u8005\u65e0\u9700\u672c\u5730\u7f51\u7edc\u8bbf\u95ee\u53ca\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5373\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u89e3\u5bc6\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u8baf\uff0c\u6216\u5728\u5ba2\u6237\u7aef\u4e0a\u6267\u884c\u4e2d\u95f4\u4eba\u653b\u51fb\uff0c\u4ece\u800c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\r\n0\r\nIBM Rational AppScan Enterprise 5.6-8.7\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nIBM\r\n---\r\nIBM\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff081640352\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\n1640352\uff1aMultiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0531, CVE-2013-0440, CVE-2013-2997)\r\n\u94fe\u63a5\uff1ahttp://www-01.ibm.com/support/docview.wss?uid=swg21640352", "published": "2013-09-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-60997", "cvelist": ["CVE-2013-0440", "CVE-2013-0531", "CVE-2013-2997"], "lastseen": "2017-11-19T17:40:35"}, {"id": "SSV:78588", "type": "seebug", "title": "Java CMM Remote Code Execution", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-78588", "cvelist": ["CVE-2013-1493"], "lastseen": "2017-11-19T17:21:02"}, {"id": "SSV:61553", "type": "seebug", "title": "HP Service Manager\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "CVE ID:CVE-2013-1493\u3001CVE-2013-2067\u3001CVE-2013-6202\r\n\r\nHP Service Manager\u662f\u4e00\u6b3e\u8f6f\u4ef6\u5373\u670d\u52a1\u53ef\u4ee5\u5e2e\u52a9\u60a8\u8fc5\u901f\u90e8\u7f72\u4e00\u4e2a\u5168\u9762\u7684IT 
\u670d\u52a1\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\nHP Service Manager\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff1a\r\n1\uff0c\u4e0d\u6b63\u786e\u8fc7\u6ee4\u8fd4\u56de\u7ed9\u7528\u6237\u7684\u8f93\u5165\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\r\n2\uff0c\u5e94\u7528\u7a0b\u5e8f\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002\r\n3\uff0c\u5b58\u5728\u672a\u660e\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\r\n4\uff0c\u5b58\u5728\u672a\u660e\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8bbf\u95ee\u90e8\u5206\u53d7\u9650\u5e94\u7528\u3002\r\n5\uff0c\u5b58\u5728\u672a\u660e\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u90e8\u5206\u6570\u636e\u3002\n0\nHP Service Manager 9.30\r\nHP Service Manager 9.31\r\nHP Service Manager 9.32\r\nHP Service Manager 9.33\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nHP\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04117626", "published": "2014-02-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-61553", "cvelist": 
["CVE-2013-1493", "CVE-2013-2067", "CVE-2013-6202"], "lastseen": "2017-11-19T17:31:45"}], "symantec": [{"id": "SMNTC-58238", "type": "symantec", "title": "Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability", "description": "### Description\n\nOracle Java SE is prone to a remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. This vulnerability affects the following supported versions: JDK and JRE 7 Update 15 and prior JDK and JRE 6 Update 41 and prior JDK and JRE 5.0 Update 40 and prior\n\n### Technologies Affected\n\n * Apple Mac OS X 10.6.8 \n * Apple Mac OS X 10.7 \n * Apple Mac OS X 10.7.1 \n * Apple Mac OS X 10.7.2 \n * Apple Mac OS X 10.7.3 \n * Apple Mac OS X 10.7.4 \n * Apple Mac OS X 10.7.5 \n * Apple Mac OS X 10.8 \n * Apple Mac OS X 10.8.1 \n * Apple Mac OS X 10.8.2 \n * Apple Mac OS X Server 10.0.1 \n * Apple Mac OS X Server 10.6.8 \n * Apple Mac OS X Server 10.7 \n * Apple Mac OS X Server 10.7.1 \n * Apple Mac OS X Server 10.7.2 \n * Apple Mac OS X Server 10.7.3 \n * Apple Mac OS X Server 10.7.4 \n * Avaya Aura Application Enablement Services 5.2 \n * Avaya Aura Application Enablement Services 5.2.1 \n * Avaya Aura Application Enablement Services 5.2.2 \n * Avaya Aura Application Enablement Services 5.2.3 \n * Avaya Aura Application Enablement Services 5.2.4 \n * Avaya Aura Application Enablement Services 6.1 \n * Avaya Aura Application Enablement Services 6.1.1 \n * Avaya Aura Application Enablement Services 6.1.2 \n * Avaya Aura Application Enablement Services 6.2 \n * Avaya Aura Application Server 5300 SIP Core 2.0 \n * Avaya Aura Application Server 5300 SIP Core 2.1 \n * Avaya Aura Application Server 5300 SIP Core 3.0 \n * Avaya Aura Communication Manager 5.2 \n * Avaya Aura Communication Manager 5.2.1 \n * Avaya Aura Communication Manager 5.2.1 SP2 \n * Avaya Aura Communication Manager 5.2.1 SP5 \n * Avaya Aura Communication Manager 6.0 \n * Avaya Aura 
Communication Manager 6.0.1 \n * Avaya Aura Communication Manager 6.2 \n * Avaya Aura Communication Manager Utility Services 6.0 \n * Avaya Aura Communication Manager Utility Services 6.1 \n * Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.1.0.9.8 \n * Avaya Aura Communication Manager Utility Services 6.2 \n * Avaya Aura Communication Manager Utility Services 6.2.4.0.15 \n * Avaya Aura Communication Manager Utility Services 6.2.5.0.15 \n * Avaya Aura Conferencing 7.0 \n * Avaya Aura Experience Portal 6.0 \n * Avaya Aura Experience Portal 6.0 SP1 \n * Avaya Aura Experience Portal 6.0 SP2 \n * Avaya Aura Experience Portal 6.0.1 \n * Avaya Aura Experience Portal 6.0.2 \n * Avaya Aura Messaging 6.0 \n * Avaya Aura Messaging 6.0.1 \n * Avaya Aura Messaging 6.1 \n * Avaya Aura Messaging 6.1.1 \n * Avaya Aura Messaging 6.2 \n * Avaya Aura Presence Services 6.0 \n * Avaya Aura Presence Services 6.1 \n * Avaya Aura Presence Services 6.1.1 \n * Avaya Aura Presence Services 6.1.2 \n * Avaya Aura SIP Enablement Services 5.0 \n * Avaya Aura SIP Enablement Services 5.1 \n * Avaya Aura SIP Enablement Services 5.2 \n * Avaya Aura SIP Enablement Services 5.2.1 \n * Avaya Aura Session Manager 1.1 \n * Avaya Aura Session Manager 1.1.1 \n * Avaya Aura Session Manager 5.2 \n * Avaya Aura Session Manager 5.2 SP1 \n * Avaya Aura Session Manager 5.2 SP2 \n * Avaya Aura Session Manager 5.2.1 \n * Avaya Aura Session Manager 6.0 \n * Avaya Aura Session Manager 6.0 SP1 \n * Avaya Aura Session Manager 6.0.1 \n * Avaya Aura Session Manager 6.1 \n * Avaya Aura Session Manager 6.1 SP1 \n * Avaya Aura Session Manager 6.1 SP2 \n * Avaya Aura Session Manager 6.1.1 \n * Avaya Aura Session Manager 6.1.2 \n * Avaya Aura Session Manager 6.1.3 \n * Avaya Aura Session Manager 6.1.5 \n * Avaya Aura Session Manager 6.2 \n * Avaya Aura Session Manager 6.2 SP1 \n * Avaya Aura Session Manager 6.2.1 \n * Avaya Aura Session Manager 
6.2.2 \n * Avaya Aura Session Manager 6.3 \n * Avaya Aura System Manager 5.2 \n * Avaya Aura System Manager 6.0 \n * Avaya Aura System Manager 6.0 SP1 \n * Avaya Aura System Manager 6.1 \n * Avaya Aura System Manager 6.1 SP1 \n * Avaya Aura System Manager 6.1 SP2 \n * Avaya Aura System Manager 6.1.1 \n * Avaya Aura System Manager 6.1.2 \n * Avaya Aura System Manager 6.1.3 \n * Avaya Aura System Manager 6.1.5 \n * Avaya Aura System Manager 6.2 \n * Avaya Aura System Manager 6.2 SP3 \n * Avaya Aura System Manager 6.2.3 \n * Avaya Aura System Manager 6.3 \n * Avaya Aura System Platform 1.0 \n * Avaya Aura System Platform 6.0 \n * Avaya Aura System Platform 6.0 SP2 \n * Avaya Aura System Platform 6.0 SP3 \n * Avaya Aura System Platform 6.0.1 \n * Avaya Aura System Platform 6.0.2 \n * Avaya Aura System Platform 6.0.3.0.3 \n * Avaya Aura System Platform 6.0.3.8.3 \n * Avaya Aura System Platform 6.0.3.9.3 \n * Avaya Aura System Platform 6.2 \n * Avaya Aura System Platform 6.2 SP1 \n * Avaya Aura System Platform 6.2.1 \n * Avaya Aura System Platform 6.2.1.0.9 \n * Avaya Call Management System R 15 \n * Avaya Call Management System R 16 \n * Avaya Conferencing Standard Edition 6.0 \n * Avaya Conferencing Standard Edition 6.0 SP1 \n * Avaya Conferencing Standard Edition 6.0.1 \n * Avaya IP Office Application Server 8.0 \n * Avaya IP Office Application Server 8.1 \n * Avaya IP Office Server Edition 8.0 \n * Avaya IP Office Server Edition 8.1 \n * Avaya IQ 4.0 \n * Avaya IQ 4.1.0 \n * Avaya IQ 4.2 \n * Avaya IQ 5 \n * Avaya IQ 5.1 \n * Avaya IQ 5.1.1 \n * Avaya IQ 5.2 \n * Avaya IR 4.0 \n * Avaya Meeting Exchange - Client Registration Server 6.0 \n * Avaya Meeting Exchange - Recording Server 6.0 \n * Avaya Meeting Exchange - Streaming Server 6.0 \n * Avaya Meeting Exchange - Web Conferencing Server 6.0 \n * Avaya Meeting Exchange - Webportal 6.0 \n * Avaya Message Networking 5.2 \n * Avaya Message Networking 5.2 SP1 \n * Avaya Message Networking 5.2 SP3 \n * Avaya Message 
Networking 5.2.1 \n * Avaya Message Networking 5.2.2 \n * Avaya Message Networking 5.2.3 \n * Avaya Message Networking 5.2.4 \n * Avaya Message Networking 5.2.5 \n * Avaya Messaging Application Server 5.2.1 \n * Avaya Messaging Storage Server 5.2.12 \n * Avaya Messaging Storage Server 5.2.13 \n * Avaya Messaging Storage Server 5.2.14 \n * Avaya Messaging Storage Server 5.2.2 \n * Avaya Messaging Storage Server 5.2.8 \n * Avaya Messaging Storage Server 5.2.9 \n * Avaya Proactive Contact 5.0 \n * Avaya Proactive Contact 5.1 \n * Avaya Voice Portal 5.0 \n * Avaya Voice Portal 5.0 SP1 \n * Avaya Voice Portal 5.0 SP2 \n * Avaya Voice Portal 5.1 \n * Avaya Voice Portal 5.1 SP1 \n * Avaya Voice Portal 5.1 SP3 \n * Avaya Voice Portal 5.1 Sp2 \n * Avaya Voice Portal 5.1.1 \n * Avaya Voice Portal 5.1.2 \n * Avaya Voice Portal 5.1.3 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Fedoraproject Fedora 17 \n * Fedoraproject Fedora 18 \n * Gentoo Linux \n * HP HP-UX B.11.11 \n * HP HP-UX B.11.31 \n * HP NonStop Server H06.15.00 \n * HP NonStop Server H06.15.01 \n * HP NonStop Server H06.15.02 \n * HP NonStop Server H06.16.00 \n * HP NonStop Server H06.16.01 \n * HP NonStop Server H06.16.02 \n * HP NonStop Server H06.17.00 \n * HP NonStop Server H06.17.01 \n * HP NonStop Server H06.17.02 \n * HP NonStop Server H06.17.03 \n * HP NonStop Server H06.18.00 \n * HP NonStop Server H06.18.01 \n * HP NonStop Server H06.18.02 \n * HP NonStop Server H06.19.00 \n * HP NonStop Server H06.19.01 \n * HP NonStop Server H06.19.02 \n * HP NonStop Server H06.19.03 \n * HP NonStop Server H06.20.00 \n * HP NonStop Server H06.20.01 \n * HP NonStop Server H06.20.02 \n * HP NonStop Server H06.20.03 \n * HP NonStop Server H06.21.00 \n * HP NonStop Server H06.21.01 \n * HP NonStop Server H06.21.02 \n * HP NonStop Server H06.22.00 \n * HP NonStop Server H06.22.01 \n * HP NonStop Server H06.23 \n * HP NonStop Server H06.24 \n * HP NonStop Server H06.24.01 \n * HP NonStop Server H06.25 \n * HP NonStop Server 
H06.25.01 \n * HP NonStop Server H06.26 \n * HP NonStop Server H06.26.01 \n * HP NonStop Server H06.27 \n * HP NonStop Server J06.04.00 \n * HP NonStop Server J06.04.01 \n * HP NonStop Server J06.04.02 \n * HP NonStop Server J06.05.00 \n * HP NonStop Server J06.05.01 \n * HP NonStop Server J06.05.02 \n * HP NonStop Server J06.06.00 \n * HP NonStop Server J06.06.01 \n * HP NonStop Server J06.06.02 \n * HP NonStop Server J06.06.03 \n * HP NonStop Server J06.07.00 \n * HP NonStop Server J06.07.01 \n * HP NonStop Server J06.07.02 \n * HP NonStop Server J06.08.00 \n * HP NonStop Server J06.08.01 \n * HP NonStop Server J06.08.02 \n * HP NonStop Server J06.08.03 \n * HP NonStop Server J06.08.04 \n * HP NonStop Server J06.09.00 \n * HP NonStop Server J06.09.01 \n * HP NonStop Server J06.09.02 \n * HP NonStop Server J06.09.03 \n * HP NonStop Server J06.09.04 \n * HP NonStop Server J06.10.00 \n * HP NonStop Server J06.10.01 \n * HP NonStop Server J06.10.02 \n * HP NonStop Server J06.11.00 \n * HP NonStop Server J06.11.01 \n * HP NonStop Server J06.12.00 \n * HP NonStop Server J06.13 \n * HP NonStop Server J06.13.01 \n * HP NonStop Server J06.14 \n * HP NonStop Server J06.14.02 \n * HP NonStop Server J06.15 \n * HP NonStop Server J06.15.01 \n * HP NonStop Server J06.16 \n * HP NonStop Server J6.0.14.01 \n * HP Service Manager 7.11 \n * HP Service Manager 9.31 \n * HP Service Manager 9.32 \n * HP Service Manager 9.33 \n * Hitachi Cosminexus Application Server 05-00 (AIX) \n * Hitachi Cosminexus Application Server 05-00 (HP-UX) \n * Hitachi Cosminexus Application Server 05-00 (Windows) \n * Hitachi Cosminexus Application Server 05-00-/A (AIX) \n * Hitachi Cosminexus Application Server 05-00-/A (HP-UX) \n * Hitachi Cosminexus Application Server 05-00-/B (AIX) \n * Hitachi Cosminexus Application Server 05-00-/B (HP-UX) \n * Hitachi Cosminexus Application Server 05-00-/C (AIX) \n * Hitachi Cosminexus Application Server 05-00-/C (HP-UX) \n * Hitachi Cosminexus Application Server 
05-00-/D (AIX) \n * Hitachi Cosminexus Application Server 05-00-/E (AIX) \n * Hitachi Cosminexus Application Server 05-00-/F (AIX) \n * Hitachi Cosminexus Application Server 05-00-/G (AIX) \n * Hitachi Cosminexus Application Server 05-00-/H (AIX) \n * Hitachi Cosminexus Application Server 05-00-/I (AIX) \n * Hitachi Cosminexus Application Server 05-00-/I (Windows) \n * Hitachi Cosminexus Application Server 05-00-/J (AIX) \n * Hitachi Cosminexus Application Server 05-00-/K (AIX) \n * Hitachi Cosminexus Application Server 05-00-/L (AIX) \n * Hitachi Cosminexus Application Server 05-00-/M (AIX) \n * Hitachi Cosminexus Application Server 05-00-/N (AIX) \n * Hitachi Cosminexus Application Server 05-00-/O (AIX) \n * Hitachi Cosminexus Application Server 05-00-/P (AIX) \n * Hitachi Cosminexus Application Server 05-00-/Q (AIX) \n * Hitachi Cosminexus Application Server 05-00-/R (AIX) \n * Hitachi Cosminexus Application Server 05-00-/S (AIX) \n * Hitachi Cosminexus Application Server 05-01 (Windows) \n * Hitachi Cosminexus Application Server 05-01-/A (Windows) \n * Hitachi Cosminexus Application Server 05-01-/B (Windows) \n * Hitachi Cosminexus Application Server 05-01-/C (Windows) \n * Hitachi Cosminexus Application Server 05-01-/D (Windows) \n * Hitachi Cosminexus Application Server 05-01-/E (Windows) \n * Hitachi Cosminexus Application Server 05-01-/F (Windows) \n * Hitachi Cosminexus Application Server 05-01-/G (Windows) \n * Hitachi Cosminexus Application Server 05-01-/H (Windows) \n * Hitachi Cosminexus Application Server 05-01-/I (Windows) \n * Hitachi Cosminexus Application Server 05-01-/J (Windows) \n * Hitachi Cosminexus Application Server 05-01-/K (Windows) \n * Hitachi Cosminexus Application Server 05-01-/L (Windows) \n * Hitachi Cosminexus Application Server 05-02 (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/A (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/B (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/C (HP-UX) \n * Hitachi 
Cosminexus Application Server 05-02-/D (HP-UX) \n * Hitachi Cosminexus Application Server 05-02-/E (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (AIX) \n * Hitachi Cosminexus Application Server 05-05 (HP-UX) \n * Hitachi Cosminexus Application Server 05-05 (Linux) \n * Hitachi Cosminexus Application Server 05-05 (Windows) \n * Hitachi Cosminexus Application Server 05-05-/A (AIX) \n * Hitachi Cosminexus Application Server 05-05-/A (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/A (Linux) \n * Hitachi Cosminexus Application Server 05-05-/A (Windows) \n * Hitachi Cosminexus Application Server 05-05-/B (AIX) \n * Hitachi Cosminexus Application Server 05-05-/B (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/B (Linux) \n * Hitachi Cosminexus Application Server 05-05-/B (Windows) \n * Hitachi Cosminexus Application Server 05-05-/C (AIX) \n * Hitachi Cosminexus Application Server 05-05-/C (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/C (Linux) \n * Hitachi Cosminexus Application Server 05-05-/C (Windows) \n * Hitachi Cosminexus Application Server 05-05-/D (AIX) \n * Hitachi Cosminexus Application Server 05-05-/D (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/D (Linux) \n * Hitachi Cosminexus Application Server 05-05-/D (Windows) \n * Hitachi Cosminexus Application Server 05-05-/E (AIX) \n * Hitachi Cosminexus Application Server 05-05-/E (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/E (Linux) \n * Hitachi Cosminexus Application Server 05-05-/E (Windows) \n * Hitachi Cosminexus Application Server 05-05-/F (AIX) \n * Hitachi Cosminexus Application Server 05-05-/F (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/F (Linux) \n * Hitachi Cosminexus Application Server 05-05-/F (Windows) \n * Hitachi Cosminexus Application Server 05-05-/G (AIX) \n * Hitachi Cosminexus Application Server 05-05-/G (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/G (Linux) \n * Hitachi Cosminexus Application Server 
05-05-/G (Windows) \n * Hitachi Cosminexus Application Server 05-05-/H (AIX) \n * Hitachi Cosminexus Application Server 05-05-/H (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/H (Windows) \n * Hitachi Cosminexus Application Server 05-05-/H(Linux) \n * Hitachi Cosminexus Application Server 05-05-/I (AIX) \n * Hitachi Cosminexus Application Server 05-05-/I (HP-UX) \n * Hitachi Cosminexus Application Server 05-05-/I (Linux) \n * Hitachi Cosminexus Application Server 05-05-/I (Windows) \n * Hitachi Cosminexus Application Server 05-05-/J (AIX) \n * Hitachi Cosminexus Application Server 05-05-/J (Windows) \n * Hitachi Cosminexus Application Server 05-05-/K (AIX) \n * Hitachi Cosminexus Application Server 05-05-/K (Windows) \n * Hitachi Cosminexus Application Server 05-05-/L (AIX) \n * Hitachi Cosminexus Application Server 05-05-/L (Windows) \n * Hitachi Cosminexus Application Server 05-05-/M (AIX) \n * Hitachi Cosminexus Application Server 05-05-/M (Windows) \n * Hitachi Cosminexus Application Server 05-05-/M \n * Hitachi Cosminexus Application Server 05-05-/N (Windows) \n * Hitachi Cosminexus Application Server 05-05-/O (AIX) \n * Hitachi Cosminexus Application Server 05-05-/O (Windows) \n * Hitachi Cosminexus Application Server 05-05-/P (Windows) \n * Hitachi Cosminexus Application Server 5.0 \n * Hitachi Cosminexus Application Server 5.0.0 \n * Hitachi Cosminexus Application Server Enterprise 06-00 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A 
(AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/E (Windows) \n * Hitachi Cosminexus Application 
Server Enterprise 06-00-/F (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/G (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/H (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/H (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/C (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-02-/G (Windows) \n * Hitachi 
Cosminexus Application Server Enterprise 06-50 (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/C(*1) 
(HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/E(*1) (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/G (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Enterprise 06-50-C(*1) (Solaris) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51 (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/A (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/A (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/B(*1) (Linux(IPF)) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/C (Linux) \n * Hitachi Cosminexus 
Application Server Enterprise 06-51-/C (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/D (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/D (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/E (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/F (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/G (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/H (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/I (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/J (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/K (Windows) \n * Hitachi Cosminexus Application Server Enterprise 06-51-/L (Windows) \n * Hitachi Cosminexus Application Server Enterprise 6 \n * Hitachi Cosminexus Application Server Enterprise 6.0.0 \n * Hitachi Cosminexus Application Server Standard 06-00 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00 (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-00 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/A (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-00-/A 
(Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-00-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/F (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/G (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/H (AIX) \n * Hitachi Cosminexus Application Server Standard 06-00-/H (Windows) \n * Hitachi Cosminexus Application Server Standard 06-00-/I (AIX) \n * Hitachi Cosminexus 
Application Server Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/C (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/F (Linux) \n * Hitachi Cosminexus Application Server Standard 06-02-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50 (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (AIX) 
\n * Hitachi Cosminexus Application Server Standard 06-50-/A (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/B(Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/C(*1) (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/C(*1) (Solaris) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (HP-UX(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (HP-UX(IPF)) \n * 
Hitachi Cosminexus Application Server Standard 06-50-/E (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/E(*1) (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (HP-UX) \n * Hitachi Cosminexus Application Server Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-50-/G (AIX \n * Hitachi Cosminexus Application Server Standard 06-50-/G (AIX) \n * Hitachi Cosminexus Application Server Standard 06-50-/I (AIX) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51 (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51 (Windows(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51 (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/A (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/A (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/A (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/B (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/B(*1) (Linux(IPF)) \n * Hitachi Cosminexus Application Server Standard 06-51-/C (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/C (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/D (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/D (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/E (Linux) \n * Hitachi Cosminexus Application Server Standard 06-51-/E (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/F (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/G (Windows) \n * Hitachi Cosminexus Application 
Server Standard 06-51-/H (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/I (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/J (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/K (Windows) \n * Hitachi Cosminexus Application Server Standard 06-51-/L (Windows) \n * Hitachi Cosminexus Application Server Standard 3 \n * Hitachi Cosminexus Application Server Standard 6 \n * Hitachi Cosminexus Application Server Standard 6.0.0 \n * Hitachi Cosminexus Application Server Standard Version 6 06-00 (AIX) \n * Hitachi Cosminexus Application Server Standard Version 6 06-50 (Solaris) \n * Hitachi Cosminexus Application Server Standard Version 6 06-50-/C (Solaris) \n * Hitachi Cosminexus Application Server Standard Version 6 06-50-/F (AIX) \n * Hitachi Cosminexus Client 06-00 (Windows) \n * Hitachi Cosminexus Client 06-00-/I (Windows) \n * Hitachi Cosminexus Client 06-02 (Windows) \n * Hitachi Cosminexus Client 06-02-/G (Windows) \n * Hitachi Cosminexus Client 06-50 (Windows) \n * Hitachi Cosminexus Client 06-50-/F (Windows) \n * Hitachi Cosminexus Client 06-51 (Windows) \n * Hitachi Cosminexus Client 06-51-/K (Windows) \n * Hitachi Cosminexus Client 06-51-/L (Windows) \n * Hitachi Cosminexus Client 6 \n * Hitachi Cosminexus Developer 05-00 (Windows) \n * Hitachi Cosminexus Developer 05-00-/I (Windows) \n * Hitachi Cosminexus Developer 05-01 (Windows) \n * Hitachi Cosminexus Developer 05-01-/A (Windows) \n * Hitachi Cosminexus Developer 05-01-/B (Windows) \n * Hitachi Cosminexus Developer 05-01-/C (Windows) \n * Hitachi Cosminexus Developer 05-01-/D (Windows) \n * Hitachi Cosminexus Developer 05-01-/E (Windows) \n * Hitachi Cosminexus Developer 05-01-/F (Windows) \n * Hitachi Cosminexus Developer 05-01-/G (Windows) \n * Hitachi Cosminexus Developer 05-01-/H (Windows) \n * Hitachi Cosminexus Developer 05-01-/I (Windows) \n * Hitachi Cosminexus Developer 05-01-/J (Windows) \n * Hitachi Cosminexus Developer 05-01-/K 
(Windows) \n * Hitachi Cosminexus Developer 05-01-/L (Windows) \n * Hitachi Cosminexus Developer 05-05 (Windows) \n * Hitachi Cosminexus Developer 05-05-/A (Windows) \n * Hitachi Cosminexus Developer 05-05-/B (Windows) \n * Hitachi Cosminexus Developer 05-05-/C (Windows) \n * Hitachi Cosminexus Developer 05-05-/D (Windows) \n * Hitachi Cosminexus Developer 05-05-/E (Windows) \n * Hitachi Cosminexus Developer 05-05-/F (Windows) \n * Hitachi Cosminexus Developer 05-05-/G (Windows) \n * Hitachi Cosminexus Developer 05-05-/H (Windows) \n * Hitachi Cosminexus Developer 05-05-/I (Windows) \n * Hitachi Cosminexus Developer 05-05-/J (Windows) \n * Hitachi Cosminexus Developer 05-05-/K (Windows) \n * Hitachi Cosminexus Developer 05-05-/L (Windows) \n * Hitachi Cosminexus Developer 05-05-/M (Windows) \n * Hitachi Cosminexus Developer 05-05-/N (Windows) \n * Hitachi Cosminexus Developer 05-05-/O (Windows) \n * Hitachi Cosminexus Developer 05-05-/P (Windows) \n * Hitachi Cosminexus Developer 05-05-/Q (Windows) \n * Hitachi Cosminexus Developer 5 \n * Hitachi Cosminexus Developer 5.0.0 \n * Hitachi Cosminexus Developer Light 06-00 (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/H (Windows) \n * Hitachi Cosminexus Developer Light 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Light 06-02 (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/D (Windows) \n * Hitachi Cosminexus 
Developer Light 06-02-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-50 (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-51 (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/A (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/B (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/C (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/D (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/E (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/F (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/G (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/H (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/I (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/J (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/K (Windows) \n * Hitachi Cosminexus Developer Light 06-51-/L (Windows) \n * Hitachi Cosminexus Developer Light 6 \n * Hitachi Cosminexus Developer Professional 06-00 (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-00-/H (Windows) \n * Hitachi Cosminexus Developer 
Professional 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Professional 06-02 (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-50 (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-51 (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/A (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/B (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/C (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/D (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/E (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/F (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/G (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/H (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/I (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/J (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/K (Windows) \n * Hitachi Cosminexus Developer Professional 06-51-/L (Windows) \n * Hitachi Cosminexus Developer Professional 6 \n * Hitachi Cosminexus Developer Professional 6.0.0 \n * Hitachi Cosminexus 
Developer Standard 06-00 (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/H (Windows) \n * Hitachi Cosminexus Developer Standard 06-00-/I (Windows) \n * Hitachi Cosminexus Developer Standard 06-02 (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-02-/G (Windows) \n * Hitachi Cosminexus Developer Standard 06-50 (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-50-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-51 (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/A (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/B (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/C (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/D (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/E (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/F (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/G 
(Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/H (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/I (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/J (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/K (Windows) \n * Hitachi Cosminexus Developer Standard 06-51-/L (Windows) \n * Hitachi Cosminexus Developer Standard 6 \n * Hitachi Cosminexus Developer Standard 6.0.0 \n * Hitachi Cosminexus Primary Server Base 6.0.0 \n * Hitachi Cosminexus Server - Standard Edition 04-00 (Windows) \n * Hitachi Cosminexus Server - Standard Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (AIX) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (HP-UX) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (Solaris) \n * Hitachi Cosminexus Server - Standard Edition 04-01 (Windows) \n * Hitachi Cosminexus Server - Standard Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Server - Standard Edition 4 \n * Hitachi Cosminexus Server - Web Edition 04-00 (Windows) \n * Hitachi Cosminexus Server - Web Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Server - Web Edition 04-01 (HP-UX) \n * Hitachi Cosminexus Server - Web Edition 04-01 (Solaris) \n * Hitachi Cosminexus Server - Web Edition 04-01 (Windows) \n * Hitachi Cosminexus Server - Web Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Server - Web Edition 4 \n * Hitachi Cosminexus Studio - Standard Edition 04-00 (Windows) \n * Hitachi Cosminexus Studio - Standard Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Studio - Standard Edition 04-01 (Windows) \n * Hitachi Cosminexus Studio - Standard Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Studio - Standard Edition \n * Hitachi Cosminexus Studio - Web Edition 04-00 (Windows) \n * Hitachi Cosminexus Studio - Web Edition 04-00-/A (Windows) \n * Hitachi Cosminexus Studio - Web Edition 04-01 (Windows) \n * Hitachi Cosminexus Studio - Web Edition 04-01-/A (Windows) \n * Hitachi Cosminexus Studio - 
Web Edition \n * Hitachi Cosminexus Studio 05-00 (Windows) \n * Hitachi Cosminexus Studio 05-00-/I (Windows) \n * Hitachi Cosminexus Studio 05-01 (Windows) \n * Hitachi Cosminexus Studio 05-01-/L (Windows) \n * Hitachi Cosminexus Studio 05-05 (Windows) \n * Hitachi Cosminexus Studio 05-05-/P (Windows) \n * Hitachi Cosminexus Studio 05-05-/Q (Windows) \n * Hitachi Cosminexus Studio 5 \n * Hitachi uCosminexus Application Server Enterprise 06-70 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/A Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B (Windows) \n * 
Hitachi uCosminexus Application Server Enterprise 06-70-/B(*1) (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/B(Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/C (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/D (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/E (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (AIX) \n * Hitachi 
uCosminexus Application Server Enterprise 06-70-/G (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/G(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/H (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/L (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/M (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/N (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/N (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/O (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/A (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/A (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/B (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/B (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/B (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/C (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/C (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/C (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/D (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/D (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/F (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/G (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/G (Windows) \n * Hitachi uCosminexus 
Application Server Enterprise 06-71-/H (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/H (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-71-/J (Windows) \n * Hitachi uCosminexus Application Server Enterprise 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72(*1) (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/B (Linux) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/B(Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/E (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 06-72-/G(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Solaris) \n * Hitachi uCosminexus Application Server Enterprise 07-00 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00 HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-00-01 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-00-01 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00-02 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00-03 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 07-00-12 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-10 \n * Hitachi 
uCosminexus Application Server Enterprise 07-10 HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10-01 HP-UX(IPF) \n * Hitachi uCosminexus Application Server Enterprise 07-10-06 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10-08 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-10-1 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 07-50 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-50 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 07-50-01 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 07-50-01 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Enterprise 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Enterprise 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 08-53 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 08-53 (Windows) \n * Hitachi uCosminexus Application Server Enterprise 08-70 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (AIX) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (Linux) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (Windows(x64)) \n * Hitachi uCosminexus Application Server Enterprise 09-00 (Windows) \n * Hitachi uCosminexus Application Server Express 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Express 08-00 (AIX) \n * Hitachi uCosminexus Application Server Express 08-00 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-00 (Linux) \n * Hitachi uCosminexus Application Server Express 08-00 (Solaris(SPARC \n * 
Hitachi uCosminexus Application Server Express 08-00 (Windows) \n * Hitachi uCosminexus Application Server Express 08-20 (Solaris (x6) \n * Hitachi uCosminexus Application Server Express 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Express 08-50 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 08-70 (AIX) \n * Hitachi uCosminexus Application Server Express 09-00 (AIX) \n * Hitachi uCosminexus Application Server Express 09-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Express 09-00 (Linux) \n * Hitachi uCosminexus Application Server Express 09-00 (Windows(x64)) \n * Hitachi uCosminexus Application Server Express 09-00 (Windows) \n * Hitachi uCosminexus Application Server Light 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Light 08-50 (Linux (IPF)) \n * Hitachi uCosminexus Application Server Light 09-00 (AIX) \n * Hitachi uCosminexus Application Server Light 09-00 (HP-UX (IPF)) \n * Hitachi uCosminexus Application Server Light 09-00 (Linux) \n * Hitachi uCosminexus Application Server Light 09-00 (Windows (x64)) \n * Hitachi uCosminexus Application Server Light 09-00 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition 08-70 (Windows) \n * Hitachi uCosminexus Application Server Smart Edition \n * Hitachi uCosminexus Application Server Standard 02-00 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70 (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70 (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (AIX) \n * Hitachi 
uCosminexus Application Server Standard 06-70-/A (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Windows(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/A (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/B (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/B(*1) (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/B(Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/C (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/D (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/E 
(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/E (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (Linux) \n * Hitachi uCosminexus Application Server Standard 06-70-/G (Windows) \n * Hitachi uCosminexus Application Server Standard 06-70-/H (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/H (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/I (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/J (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/K (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/L (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/M (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/N (AIX) \n * Hitachi uCosminexus Application Server Standard 06-70-/N (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/O (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/P (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 06-70-/Q (AIX) \n * Hitachi uCosminexus Application Server Standard 06-71 (Linux) \n * Hitachi uCosminexus Application Server 
Standard 06-71 (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/A (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/A (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/B (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/B (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/C (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/C (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/D (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/D (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/F (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/G (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/G (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/H (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/H (Windows) \n * Hitachi uCosminexus Application Server Standard 06-71-/I (Linux) \n * Hitachi uCosminexus Application Server Standard 06-71-/J (Windows) \n * Hitachi uCosminexus Application Server Standard 06-72 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72(*1) (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/A (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/B (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/B(*1) (Linux) \n * Hitachi uCosminexus Application Server Standard 06-72-/C (Solaris) \n * Hitachi uCosminexus Application Server Standard 06-72-/D (AIX) \n * Hitachi uCosminexus Application Server Standard 06-72-/D (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/E (HP-UX) \n * Hitachi uCosminexus Application Server Standard 06-72-/G(HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-00 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-00 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-00 
(Linux) \n * Hitachi uCosminexus Application Server Standard 07-00 (Solaris) \n * Hitachi uCosminexus Application Server Standard 07-00 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-00-01 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-00-01 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-00-02 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-00-03 (Windows) \n * Hitachi uCosminexus Application Server Standard 07-10 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-10 (HP-UX) \n * Hitachi uCosminexus Application Server Standard 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 07-10 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-10-01 HP-UX(IPF) \n * Hitachi uCosminexus Application Server Standard 07-50 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-50 (Linux) \n * Hitachi uCosminexus Application Server Standard 07-50-01 (AIX) \n * Hitachi uCosminexus Application Server Standard 07-50-01 (Linux) \n * Hitachi uCosminexus Application Server Standard 08-00 (Solaris(SPARC)) \n * Hitachi uCosminexus Application Server Standard 08-20 (Solaris(x64)) \n * Hitachi uCosminexus Application Server Standard 08-50 (AIX) \n * Hitachi uCosminexus Application Server Standard 08-50 (HP-UX(IPF)) \n * Hitachi uCosminexus Application Server Standard 08-50 (Linux(IPF)) \n * Hitachi uCosminexus Application Server Standard 08-53 (Linux) \n * Hitachi uCosminexus Application Server Standard 08-53 (Windows) \n * Hitachi uCosminexus Application Server Standard 09-00 (AIX) \n * Hitachi uCosminexus Application Server Standard 09-00 (HP-UX (IPF)) \n * Hitachi uCosminexus Application Server Standard 09-00 (Linux) \n * Hitachi uCosminexus Application Server Standard 09-00 (Windows(x64)) \n * Hitachi uCosminexus Application Server Standard 09-00 (Windows) \n * Hitachi uCosminexus Application Server Standard \n * Hitachi uCosminexus Application Server 
Standard Version 6 \n * Hitachi uCosminexus Application Server Standard-R 08-70 (Windows) \n * Hitachi uCosminexus Application Server Standard-R \n * Hitachi uCosminexus Client 06-70 (Windows) \n * Hitachi uCosminexus Client 06-70-/D (Windows) \n * Hitachi uCosminexus Client 06-70-/F (Windows) \n * Hitachi uCosminexus Client 06-70-/G (Windows) \n * Hitachi uCosminexus Client 06-71 (Windows) \n * Hitachi uCosminexus Client 06-71-/D (Windows) \n * Hitachi uCosminexus Client 06-71-/F (Windows) \n * Hitachi uCosminexus Client 06-71-/G (Windows) \n * Hitachi uCosminexus Client 06-71-/H (Windows) \n * Hitachi uCosminexus Client 06-71-/J (Windows) \n * Hitachi uCosminexus Client 07-00 (Windows) \n * Hitachi uCosminexus Client 07-00-03 (AIX) \n * Hitachi uCosminexus Client 07-00-03 (Linux) \n * Hitachi uCosminexus Client 07-00-03 (Windows) \n * Hitachi uCosminexus Client 07-10 (Windows) \n * Hitachi uCosminexus Client 07-10-01 (Windows) \n * Hitachi uCosminexus Client 07-20 (Windows) \n * Hitachi uCosminexus Client 07-20-01 (Windows) \n * Hitachi uCosminexus Client 07-50 (Windows) \n * Hitachi uCosminexus Client 07-50-01 (Windows) \n * Hitachi uCosminexus Client 08-53 (Windows) \n * Hitachi uCosminexus Client 09-00 (Linux) \n * Hitachi uCosminexus Client 09-00 (Windows) \n * Hitachi uCosminexus Client 09-00 \n * Hitachi uCosminexus Client for Plug-in \n * Hitachi uCosminexus Developer 01 \n * Hitachi uCosminexus Developer Light 06-70 (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/A (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/B (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/C (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/D (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Light 06-70-/G (Windows) \n * Hitachi uCosminexus Developer Light 06-71 (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/A (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/B (Windows) \n 
* Hitachi uCosminexus Developer Light 06-71-/C (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/D (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/F (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/G (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/H (Windows) \n * Hitachi uCosminexus Developer Light 06-71-/J (Windows) \n * Hitachi uCosminexus Developer Light 6 \n * Hitachi uCosminexus Developer Light 6.7 \n * Hitachi uCosminexus Developer Light 7 \n * Hitachi uCosminexus Developer Light 8 \n * Hitachi uCosminexus Developer Professional 06-70 (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/A (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/B (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/C (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/D (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Professional 06-70-/G (Windows) \n * Hitachi uCosminexus Developer Professional 06-71 (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/A (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/B (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/C (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/D (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/F (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/G (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/H (Windows) \n * Hitachi uCosminexus Developer Professional 06-71-/J (Windows) \n * Hitachi uCosminexus Developer Professional 08-53 (Windows) \n * Hitachi uCosminexus Developer Professional 09-00(Windows) \n * Hitachi uCosminexus Developer Professional 7 \n * Hitachi uCosminexus Developer Professional 8 \n * Hitachi uCosminexus Developer Professional \n * Hitachi uCosminexus Developer Professional for Plug-in 08-70 (Windows) \n * Hitachi uCosminexus Developer Professional for 
Plug-in \n * Hitachi uCosminexus Developer Standard 06-70 (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/A (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/B (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/C (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/D (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/F (Windows) \n * Hitachi uCosminexus Developer Standard 06-70-/G (Windows) \n * Hitachi uCosminexus Developer Standard 06-71 (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/A (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/B (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/C (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/D (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/F (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/G (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/H (Windows) \n * Hitachi uCosminexus Developer Standard 06-71-/J (Windows) \n * Hitachi uCosminexus Developer Standard 08-53 (Windows) \n * Hitachi uCosminexus Developer Standard 7 \n * Hitachi uCosminexus Developer Standard 8 \n * Hitachi uCosminexus Developer Standard \n * Hitachi uCosminexus Operator 07-00 (Windows) \n * Hitachi uCosminexus Operator 07-00-03 (AIX) \n * Hitachi uCosminexus Operator 07-00-03 (Linux) \n * Hitachi uCosminexus Operator 07-00-03 (Windows) \n * Hitachi uCosminexus Operator 07-10 (Windows) \n * Hitachi uCosminexus Operator 07-10-01 (Windows) \n * Hitachi uCosminexus Operator 07-20 (Windows) \n * Hitachi uCosminexus Operator 07-20-01 (Windows) \n * Hitachi uCosminexus Operator 07-50 (Windows) \n * Hitachi uCosminexus Operator 07-50-01 (Windows) \n * Hitachi uCosminexus Operator 7 \n * Hitachi uCosminexus Operator 8 \n * Hitachi uCosminexus Primary Server Base \n * Hitachi uCosminexus Service Architect 07-00 (Windows) \n * Hitachi uCosminexus Service Architect 07-00-03 (AIX) \n * Hitachi uCosminexus Service Architect 
07-00-03 (Linux) \n * Hitachi uCosminexus Service Architect 07-00-03 (Windows) \n * Hitachi uCosminexus Service Architect 07-10 (Windows) \n * Hitachi uCosminexus Service Architect 07-10-01 (Windows) \n * Hitachi uCosminexus Service Architect 07-20 (Windows) \n * Hitachi uCosminexus Service Architect 07-20-01 (Windows) \n * Hitachi uCosminexus Service Architect 07-50 (Windows) \n * Hitachi uCosminexus Service Architect 07-50-01 (Windows) \n * Hitachi uCosminexus Service Architect 08-53 (Windows) \n * Hitachi uCosminexus Service Architect 09-00 \n * Hitachi uCosminexus Service Architect 7 \n * Hitachi uCosminexus Service Architect 8 \n * Hitachi uCosminexus Service Platform - Messaging \n * Hitachi uCosminexus Service Platform 07-00 (Linux) \n * Hitachi uCosminexus Service Platform 07-00 (Windows) \n * Hitachi uCosminexus Service Platform 07-00-03 (AIX) \n * Hitachi uCosminexus Service Platform 07-00-03 (Linux) \n * Hitachi uCosminexus Service Platform 07-00-03 (Windows) \n * Hitachi uCosminexus Service Platform 07-00-12 (Linux) \n * Hitachi uCosminexus Service Platform 07-10 (AIX) \n * Hitachi uCosminexus Service Platform 07-10 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 07-10 (Linux) \n * Hitachi uCosminexus Service Platform 07-10 (Windows) \n * Hitachi uCosminexus Service Platform 07-10-01 (Linux(IPF)) \n * Hitachi uCosminexus Service Platform 07-10-01 (Windows) \n * Hitachi uCosminexus Service Platform 07-10-06 (AIX) \n * Hitachi uCosminexus Service Platform 07-10-06 (Linux) \n * Hitachi uCosminexus Service Platform 07-20 (Windows) \n * Hitachi uCosminexus Service Platform 07-20-01 (Windows) \n * Hitachi uCosminexus Service Platform 07-50 (Linux) \n * Hitachi uCosminexus Service Platform 07-50 (Windows) \n * Hitachi uCosminexus Service Platform 07-50-01 (Windows) \n * Hitachi uCosminexus Service Platform 08-50 (AIX) \n * Hitachi uCosminexus Service Platform 08-50 (HP-UX(IPF)) \n * Hitachi uCosminexus Service Platform 08-50 (Linux(IPF)) \n * Hitachi 
uCosminexus Service Platform 08-53 (Linux) \n * Hitachi uCosminexus Service Platform 08-53 (Windows) \n * Hitachi uCosminexus Service Platform 09-00 (Windows) \n * Hitachi uCosminexus Service Platform 09-00 AIX (64) \n * Hitachi uCosminexus Service Platform 09-00 HP-UX (IPF) \n * Hitachi uCosminexus Service Platform 09-00 Linux (x64) \n * Hitachi uCosminexus Service Platform 09-00 Windows (x64) \n * IBM Java SDK 1.4.2 \n * IBM Java SDK 5 \n * IBM Java SDK 6 \n * IBM Java SDK 7 \n * IBM Lotus Domino 8.0 \n * IBM Lotus Domino 8.0.1 \n * IBM Lotus Domino 8.0.2 \n * IBM Lotus Domino 8.5 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Notes 8.0.0 \n * IBM Lotus Notes 8.0.1 \n * IBM Lotus Notes 8.0.2 \n * IBM Lotus Notes 8.5 \n * IBM Lotus Notes 8.5.1 \n * IBM Lotus Notes 8.5.2 \n * IBM Lotus Notes 8.5.3 \n * IBM Lotus Notes 9.0 \n * IBM Maximo Asset Management 6.2 \n * IBM Maximo Asset Management 7.1 \n * IBM Maximo Asset Management 7.5 \n * IBM Maximo Asset Management Essentials 7.1 \n * IBM Maximo Asset Management Essentials 7.5 \n * IBM Rational Functional Tester 8.0.0.1 \n * IBM Rational Functional Tester 8.0.0.2 \n * IBM Rational Functional Tester 8.0.0.3 \n * IBM Rational Functional Tester 8.0.0.4 \n * IBM Rational Functional Tester 8.1 \n * IBM Rational Functional Tester 8.1.0.1 \n * IBM Rational Functional Tester 8.1.0.2 \n * IBM Rational Functional Tester 8.1.0.3 \n * IBM Rational Functional Tester 8.1.1 \n * IBM Rational Functional Tester 8.1.1.1 \n * IBM Rational Functional Tester 8.1.1.2 \n * IBM Rational Functional Tester 8.1.1.3 \n * IBM Rational Functional Tester 8.2 \n * IBM Rational Functional Tester 8.2.0.2 \n * IBM Rational Functional Tester 8.2.1.1 \n * IBM Rational Functional Tester 8.2.2 \n * IBM Rational Functional Tester 8.2.2.1 \n * IBM Rational Functional Tester 8.3 \n * IBM Rational Functional Tester 8.3.0.1 \n * IBM Rational Functional Tester 8.5.0.1 \n * IBM Rational Host On-Demand 11.0.0 \n 
* IBM Rational Host On-Demand 11.0.7 \n * IBM Service Delivery Manager 7.2.1 \n * IBM Service Delivery Manager 7.2.2 \n * IBM Service Delivery Manager 7.2.4 \n * IBM Smart Analytics System 5600 9.7 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.0 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.3 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.4 \n * IBM Tivoli Business Service Manager 4.2 \n * IBM Tivoli Business Service Manager 4.2.1 \n * IBM Tivoli Business Service Manager 6.1 \n * IBM Tivoli Business Service Manager 6.1.1 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Endpoint Manager for Remote Control 9.0.0 \n * IBM Tivoli Netcool/OMNIbus 7.2.1 \n * IBM Tivoli Netcool/OMNIbus 7.3.0 \n * IBM Tivoli Netcool/OMNIbus 7.3.1 \n * IBM Tivoli Netcool/OMNIbus 7.4.0 \n * IBM Tivoli Remote Control 5.1.2 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.1 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.1 \n * IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.2 \n * IBM Tivoli System Automation Application Manager 3.1 \n * IBM Tivoli System Automation Application Manager 3.2 \n * IBM Tivoli System Automation Application Manager 3.2.1 \n * IBM Tivoli System Automation Application Manager 3.2.2 \n * IBM Tivoli System Automation for Integrated Operations Management 2.1 \n * IBM WebSphere ILOG JRules 7.1.1 \n * IBM WebSphere MQ 7.0 \n * IBM WebSphere MQ 7.0.0 2 \n * IBM WebSphere MQ 7.0.0.1 \n * IBM WebSphere MQ 7.0.1 7 \n * IBM WebSphere MQ 7.0.1.1 \n * IBM WebSphere MQ 7.0.1.2 \n * IBM WebSphere MQ 7.0.1.3 \n * IBM WebSphere MQ 7.0.1.4 \n * IBM WebSphere MQ 7.0.1.5 \n * IBM WebSphere MQ 7.0.1.6 \n * IBM WebSphere MQ 
7.0.1.8 \n * IBM WebSphere MQ 7.0.1.9 \n * IBM WebSphere MQ 7.1 \n * IBM WebSphere MQ 7.1.0.1 \n * IBM WebSphere MQ 7.1.0.2 \n * IBM WebSphere MQ 7.5 \n * IBM WebSphere MQ 7.5.0.1 \n * IBM WebSphere Message Broker 6.1.0.11 \n * IBM WebSphere Message Broker 7.0.0.5 \n * IBM WebSphere Message Broker 8.0.0.2 \n * IBM WebSphere Operational Decision Management 7.5.0.0 \n * IBM WebSphere Operational Decision Management 8.0.1 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Mandriva Enterprise Server 5 \n * Mandriva Enterprise Server 5 X86 64 \n * McAfee ePO-MVT 1.0.7 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.5.0_36 \n * Oracle JDK (Linux Production Release) 1.5.0_38 \n * Oracle JDK (Linux Production Release) 1.5.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0_22 \n * Oracle JDK (Linux Production Release) 1.6.0_23 \n * Oracle JDK (Linux Production Release) 1.6.0_24 \n * Oracle JDK (Linux Production Release) 1.6.0_25 \n * Oracle JDK (Linux Production Release) 1.6.0_26 \n * Oracle JDK (Linux Production Release) 1.6.0_27 \n * Oracle JDK (Linux Production Release) 1.6.0_28 \n * Oracle JDK (Linux Production Release) 1.6.0_30 \n * Oracle JDK (Linux Production Release) 1.6.0_32 \n * Oracle JDK (Linux Production Release) 1.6.0_34 \n * Oracle JDK (Linux Production Release) 1.6.0_35 \n * Oracle JDK (Linux Production Release) 1.6.0_38 \n * Oracle JDK (Linux Production Release) 1.6.0_39 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.5.0_36 \n * Oracle JDK (Solaris Production Release) 1.5.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_22 \n * 
Oracle JDK (Solaris Production Release) 1.6.0_23 \n * Oracle JDK (Solaris Production Release) 1.6.0_24 \n * Oracle JDK (Solaris Production Release) 1.6.0_25 \n * Oracle JDK (Solaris Production Release) 1.6.0_26 \n * Oracle JDK (Solaris Production Release) 1.6.0_27 \n * Oracle JDK (Solaris Production Release) 1.6.0_28 \n * Oracle JDK (Solaris Production Release) 1.6.0_30 \n * Oracle JDK (Solaris Production Release) 1.6.0_32 \n * Oracle JDK (Solaris Production Release) 1.6.0_34 \n * Oracle JDK (Solaris Production Release) 1.6.0_35 \n * Oracle JDK (Solaris Production Release) 1.6.0_37 \n * Oracle JDK (Solaris Production Release) 1.6.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_39 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_13 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.5.0_36 \n * Oracle JDK (Windows Production Release) 1.5.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_22 \n * Oracle JDK (Windows Production Release) 1.6.0_23 \n * Oracle JDK (Windows Production Release) 1.6.0_24 \n * Oracle JDK (Windows Production Release) 1.6.0_25 \n * Oracle JDK (Windows Production Release) 1.6.0_26 \n * Oracle JDK (Windows Production Release) 1.6.0_27 \n * Oracle JDK (Windows Production Release) 1.6.0_28 \n * Oracle JDK (Windows Production Release) 1.6.0_30 \n * Oracle JDK (Windows Production Release) 1.6.0_32 \n * Oracle JDK (Windows Production Release) 1.6.0_35 \n * Oracle JDK (Windows Production Release) 1.6.0_37 \n * Oracle JDK (Windows Production Release) 1.6.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_39 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK 
(Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK(Linux Production Release) 1.5.0_40 \n * Oracle JDK(Linux Production Release) 1.6.0_37 \n * Oracle JDK(Linux Production Release) 1.6.0_40 \n * Oracle JDK(Linux Production Release) 1.6.0_41 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_13 \n * Oracle JDK(Linux Production Release) 1.7.0_14 \n * Oracle JDK(Linux Production Release) 1.7.0_15 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.5.0_39 \n * Oracle JDK(Solaris Production Release) 1.5.0_40 \n * Oracle JDK(Solaris Production Release) 1.6.0_39 \n * Oracle JDK(Solaris Production Release) 1.6.0_40 \n * Oracle JDK(Solaris Production Release) 1.6.0_41 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_14 \n * Oracle JDK(Solaris Production Release) 1.7.0_15 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.5.0_39 \n * Oracle JDK(Windows Production Release) 1.5.0_40 \n * Oracle JDK(Windows Production Release) 1.6.0_39 \n * Oracle JDK(Windows Production Release) 1.6.0_40 \n * Oracle JDK(Windows Production Release) 1.6.0_41 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_14 \n * Oracle JDK(Windows Production Release) 1.7.0_15 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JRE (Linux Production Release) 1.5.0_36 \n * Oracle JRE (Linux 
Production Release) 1.5.0_38 \n * Oracle JRE (Linux Production Release) 1.5.0_39 \n * Oracle JRE (Linux Production Release) 1.6.0_22 \n * Oracle JRE (Linux Production Release) 1.6.0_23 \n * Oracle JRE (Linux Production Release) 1.6.0_24 \n * Oracle JRE (Linux Production Release) 1.6.0_25 \n * Oracle JRE (Linux Production Release) 1.6.0_26 \n * Oracle JRE (Linux Production Release) 1.6.0_27 \n * Oracle JRE (Linux Production Release) 1.6.0_28 \n * Oracle JRE (Linux Production Release) 1.6.0_30 \n * Oracle JRE (Linux Production Release) 1.6.0_32 \n * Oracle JRE (Linux Production Release) 1.6.0_35 \n * Oracle JRE (Linux Production Release) 1.6.0_39 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.5.0_36 \n * Oracle JRE (Solaris Production Release) 1.5.0_38 \n * Oracle JRE (Solaris Production Release) 1.6.0_22 \n * Oracle JRE (Solaris Production Release) 1.6.0_23 \n * Oracle JRE (Solaris Production Release) 1.6.0_24 \n * Oracle JRE (Solaris Production Release) 1.6.0_25 \n * Oracle JRE (Solaris Production Release) 1.6.0_26 \n * Oracle JRE (Solaris Production Release) 1.6.0_27 \n * Oracle JRE (Solaris Production Release) 1.6.0_28 \n * Oracle JRE (Solaris Production Release) 1.6.0_30 \n * Oracle JRE (Solaris Production Release) 1.6.0_32 \n * Oracle JRE (Solaris Production Release) 1.6.0_35 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.5.0_36 \n * Oracle JRE (Windows Production Release) 1.5.0_38 \n * Oracle JRE (Windows Production Release) 1.6.0_22 \n * Oracle JRE (Windows Production Release) 1.6.0_23 \n * Oracle JRE (Windows Production Release) 1.6.0_24 \n * Oracle 
JRE (Windows Production Release) 1.6.0_25 \n * Oracle JRE (Windows Production Release) 1.6.0_26 \n * Oracle JRE (Windows Production Release) 1.6.0_27 \n * Oracle JRE (Windows Production Release) 1.6.0_28 \n * Oracle JRE (Windows Production Release) 1.6.0_30 \n * Oracle JRE (Windows Production Release) 1.6.0_32 \n * Oracle JRE (Windows Production Release) 1.6.0_35 \n * Oracle JRE (Windows Production Release) 1.6.0_38 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE(Linux Production Release) 1.5.0_40 \n * Oracle JRE(Linux Production Release) 1.6.0_38 \n * Oracle JRE(Linux Production Release) 1.6.0_40 \n * Oracle JRE(Linux Production Release) 1.6.0_41 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_13 \n * Oracle JRE(Linux Production Release) 1.7.0_14 \n * Oracle JRE(Linux Production Release) 1.7.0_15 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.5.0_39 \n * Oracle JRE(Solaris Production Release) 1.5.0_40 \n * Oracle JRE(Solaris Production Release) 1.6.0_38 \n * Oracle JRE(Solaris Production Release) 1.6.0_39 \n * Oracle JRE(Solaris Production Release) 1.6.0_40 \n * Oracle JRE(Solaris Production Release) 1.6.0_41 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_12 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_14 \n * Oracle JRE(Solaris Production Release) 1.7.0_15 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.5.0_39 \n * Oracle JRE(Windows Production Release) 1.5.0_40 \n * Oracle 
JRE(Windows Production Release) 1.6.0_38 \n * Oracle JRE(Windows Production Release) 1.6.0_39 \n * Oracle JRE(Windows Production Release) 1.6.0_40 \n * Oracle JRE(Windows Production Release) 1.6.0_41 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_14 \n * Oracle JRE(Windows Production Release) 1.7.0_15 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Optional 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Optional 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server Optional 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Optional 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * Redhat Network Satellite (for RHEL 5) 5.5 \n * Redhat Network Satellite (for RHEL 6) 5.5 \n * Schneider-Electric Trio TView Software 3.27.0 \n * SuSE Linux Enterprise Software Development Kit 11 SP2 \n * SuSE SUSE Linux Enterprise 10 SP4 \n * SuSE SUSE Linux Enterprise Java 10 SP4 \n * SuSE SUSE Linux Enterprise Java 11 SP2 \n * SuSE SUSE Linux Enterprise Server 11 SP2 \n * SuSE SUSE Linux Enterprise Server for VMware 11 SP2 \n * SuSE Suse Linux Enterprise Desktop 10 SP4 \n * SuSE Suse Linux Enterprise Desktop 11 SP2 \n * SuSE openSUSE 12.1 \n * Ubuntu Ubuntu Linux 10.04 ARM \n * Ubuntu Ubuntu 
Linux 10.04 Amd64 \n * Ubuntu Ubuntu Linux 10.04 I386 \n * Ubuntu Ubuntu Linux 10.04 Powerpc \n * Ubuntu Ubuntu Linux 10.04 Sparc \n * Ubuntu Ubuntu Linux 11.10 amd64 \n * Ubuntu Ubuntu Linux 11.10 i386 \n * Ubuntu Ubuntu Linux 12.04 LTS amd64 \n * Ubuntu Ubuntu Linux 12.04 LTS i386 \n * Ubuntu Ubuntu Linux 12.10 amd64 \n * Ubuntu Ubuntu Linux 12.10 i386 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nDisabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information. 
The payloads delivered by the exploit kits are detected by Symantec as 'Trojan.Zbot' and 'Trojan.Horse'.\n", "published": "2013-02-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/58238", "cvelist": ["CVE-2013-1347", "CVE-2013-1493"], "lastseen": "2018-03-13T14:30:54"}], "packetstorm": [{"id": "PACKETSTORM:120999", "type": "packetstorm", "title": "Java CMM Remote Code Execution", "description": "", "published": "2013-03-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/120999/Java-CMM-Remote-Code-Execution.html", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-12-05T22:24:26"}], "saint": [{"id": "SAINT:51A2291C38A67B94F1A59FA697D24885", "type": "saint", "title": "Java Runtime Environment Color Management memory overwrite", "description": "Added: 04/04/2013 \nCVE: [CVE-2013-1493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493>) \nBID: [58238](<http://www.securityfocus.com/bid/58238>) \nOSVDB: [90737](<http://www.osvdb.org/90737>) \n\n\n### Background\n\nThe Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files. \n\n### Problem\n\nA memory overwrite vulnerability in the Color Management code in the JVM process allows command execution when a specially crafted JAR file is opened. \n\n### Resolution\n\n[Upgrade](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>) to a version higher than JRE 7 Update 15, JRE 6 Update 41, or JRE 5.0 Update 40. 
\n\n### References\n\n<http://www.kb.cert.org/vuls/id/688246> \n\n\n### Limitations\n\nExploit works on JRE 7 Update 15 and requires a user to open the exploit page in a browser. \n\n### Platforms\n\nWindows \n \n\n", "published": "2013-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/jre_color_management", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-12-14T16:58:03"}, {"id": "SAINT:D5BB5F482A2457E3A68B487877468626", "type": "saint", "title": "Java Runtime Environment Color Management memory overwrite", "description": "Added: 04/04/2013 \nCVE: [CVE-2013-1493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493>) \nBID: [58238](<http://www.securityfocus.com/bid/58238>) \nOSVDB: [90737](<http://www.osvdb.org/90737>) \n\n\n### Background\n\nThe Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files. \n\n### Problem\n\nA memory overwrite vulnerability in the Color Management code in the JVM process allows command execution when a specially crafted JAR file is opened. \n\n### Resolution\n\n[Upgrade](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>) to a version higher than JRE 7 Update 15, JRE 6 Update 41, or JRE 5.0 Update 40. \n\n### References\n\n<http://www.kb.cert.org/vuls/id/688246> \n\n\n### Limitations\n\nExploit works on JRE 7 Update 15 and requires a user to open the exploit page in a browser. 
\n\n### Platforms\n\nWindows \n \n\n", "published": "2013-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/jre_color_management", "cvelist": ["CVE-2013-1493"], "lastseen": "2017-01-10T14:03:45"}, {"id": "SAINT:95FFF6793FF19509924D6AF152CDEE79", "type": "saint", "title": "Java Runtime Environment Color Management memory overwrite", "description": "Added: 04/04/2013 \nCVE: [CVE-2013-1493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493>) \nBID: [58238](<http://www.securityfocus.com/bid/58238>) \nOSVDB: [90737](<http://www.osvdb.org/90737>) \n\n\n### Background\n\nThe Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files. \n\n### Problem\n\nA memory overwrite vulnerability in the Color Management code in the JVM process allows command execution when a specially crafted JAR file is opened. \n\n### Resolution\n\n[Upgrade](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>) to a version higher than JRE 7 Update 15, JRE 6 Update 41, or JRE 5.0 Update 40. \n\n### References\n\n<http://www.kb.cert.org/vuls/id/688246> \n\n\n### Limitations\n\nExploit works on JRE 7 Update 15 and requires a user to open the exploit page in a browser. 
\n\n### Platforms\n\nWindows \n \n\n", "published": "2013-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.saintcorporation.com/cgi-bin/exploit_info/jre_color_management", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-10-03T15:01:54"}], "exploitdb": [{"id": "EDB-ID:24904", "type": "exploitdb", "title": "Java CMM Remote Code Execution", "description": "Java CMM Remote Code Execution. CVE-2013-1493. Remote exploit for windows platform", "published": "2013-03-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/24904/", "cvelist": ["CVE-2013-1493"], "lastseen": "2016-02-03T00:15:19"}], "metasploit": [{"id": "MSF:EXPLOIT/WINDOWS/BROWSER/JAVA_CMM", "type": "metasploit", "title": "Java CMM Remote Code Execution", "description": "This module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.", "published": "2013-03-26T21:30:18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2013-1493"], "lastseen": "2018-04-18T00:28:47"}], "zdt": [{"id": "1337DAY-ID-20578", "type": "zdt", "title": "Java CMM Remote Code Execution Vulnerability", "description": "This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. 
The vulnerability affects Java versions 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.", "published": "2013-03-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/20578", "cvelist": ["CVE-2013-1493"], "lastseen": "2018-01-08T19:07:46"}]}}