{"id": "REDHAT-RHSA-2013-1447.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-10-22T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "reporter": "Tenable", "references": ["https://access.redhat.com/security/cve/cve-2013-5783", "https://access.redhat.com/security/cve/cve-2013-5817", "https://access.redhat.com/security/cve/cve-2013-5802", "https://access.redhat.com/security/cve/cve-2013-5823", "https://access.redhat.com/security/cve/cve-2013-5804", "https://access.redhat.com/security/cve/cve-2013-5840", "https://access.redhat.com/security/cve/cve-2013-5790", "https://access.redhat.com/security/cve/cve-2013-5814", "https://access.redhat.com/security/cve/cve-2013-5851", "https://access.redhat.com/security/cve/cve-2013-5780", "https://access.redhat.com/security/cve/cve-2013-5803", "https://access.redhat.com/security/cve/cve-2013-5838", "https://access.redhat.com/security/cve/cve-2013-5778", "https://access.redhat.com/security/cve/cve-2013-5800", "https://access.redhat.com/security/cve/cve-2013-5782", "https://access.redhat.com/security/cve/cve-2013-4002", "https://access.redhat.com/security/cve/cve-2013-5825", "https://access.redhat.com/security/cve/cve-2013-5820", "https://access.redhat.com/errata/RHSA-2013:1447", "https://access.redhat.com/security/cve/cve-2013-5809", "https://access.redhat.com/security/cve/cve-2013-5797", "https://access.redhat.com/security/cve/cve-2013-5842", "https://access.redhat.com/security/cve/cve-2013-5830", "https://access.redhat.com/security/cve/cve-2013-5850", "https://access.redhat.com/security/cve/cve-2013-5784", "https://access.redhat.com/security/cve/cve-2013-5774", "https://access.redhat.com/security/cve/cve-2013-5849", "https://access.redhat.com/security/cve/cve-2013-5829", "https://access.redhat.com/security/cve/cve-2013-5772", "https://access.redhat.com/security/cve/cve-2013-3829"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "type": "nessus", "lastseen": "2018-11-13T17:05:09", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "383fc42d572c6c9c906b5bcae57af5fcad3aea112670ae13e80addbadb3132f5", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5202b03f701d8ce3aa7ec293f5085c0c", "key": "sourceData"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-08-30T19:52:32", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:52:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 2, "enchantments": {}, "hash": "5b3dcfcb47278006b5e4e04f590469299592621a01fdd79c2058f6a3856bc0dd", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "aa68929fd1eb36b57f2e26cc3d07d7d9", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2017-01-06T02:16:22", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:29:44 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_osvdb_id(95418, 98524, 98525, 98526, 98531, 98532, 98535, 98536, 98544, 98546, 98548, 98549, 98550, 98551, 98552, 98558, 98559, 98560, 98562, 98563, 98564, 98565, 98566, 98567, 98568, 98569, 98571, 98572, 98573);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:16:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 3, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "841d520eaeee2f51a935586ddec10d890b9f44e2d0a5e99cef671ac558db689f", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "aa68929fd1eb36b57f2e26cc3d07d7d9", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2017-10-29T13:42:53", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:29:44 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_osvdb_id(95418, 98524, 98525, 98526, 98531, 98532, 98535, 98536, 98544, 98546, 98548, 98549, 98550, 98551, 98552, 98558, 98559, 98560, 98562, 98563, 98564, 98565, 98566, 98567, 98568, 98569, 98571, 98572, 98573);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:42:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "701c3e6065ed514f713539cabaabaf8516346ad209225359398807c59023c148", "hashmap": [{"hash": "7f86b488cde79959076c92cafc9748f6", "key": "modified"}, {"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a9c3b1413d5261efd840acf539752673", "key": "sourceData"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-09-12T10:09:24", "modified": "2018-09-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/09/10 11:37:05\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 4}, "differentElements": ["references", "modified", "sourceData"], "edition": 7, "lastseen": "2018-09-12T10:09:24"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 6, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "b6dc56bc13dc97a53156f35371e1d7596f85d2adb38ae60cb508455318a45763", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5202b03f701d8ce3aa7ec293f5085c0c", "key": "sourceData"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-09-02T00:01:38", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-09-02T00:01:38"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"], "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}}, "hash": "b6dc56bc13dc97a53156f35371e1d7596f85d2adb38ae60cb508455318a45763", "hashmap": [{"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "c7edc6c61a927ed317ac130b51fac2d6", "key": "cpe"}, {"hash": "7c03779312ffcb90b2c1d0c697a916c4", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5202b03f701d8ce3aa7ec293f5085c0c", "key": "sourceData"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2018-07-30T14:14:25", "modified": "2018-07-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/26 18:45:28\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-30T14:14:25"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 1, "hash": "bd8b6ab6b60671faf9f83178d8501a4e0d31ed501e1a3d729dae72146bd34d09", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "118382c03abaa3b485dbe4bb05d7fce0", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "bbd32ee296cd9916b85e8a3a2785f280", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "6b88e9e1569a7e403c2a9fd24de5e45b", "key": "href"}, {"hash": "f4263cb7ab9b83d87b6d91af466e0d19", "key": "description"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "5b253987191eeddaec27a34011982132", "key": "published"}, {"hash": "4fbd848df540aebf66e3dacc295ede8d", "key": "title"}, {"hash": "98f00858001a0dd10fbd90da55b4ee8c", "key": "modified"}, {"hash": "a8d17209fbdcb219e541d75f87424838", "key": "sourceData"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "0f53e31ba1befcd78a8de722fd263e97", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=70536", "id": "REDHAT-RHSA-2013-1447.NASL", "lastseen": "2016-09-26T17:25:55", "modified": "2014-11-08T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "70536", "published": "2013-10-22T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2013-5849.html", "https://www.redhat.com/security/data/cve/CVE-2013-5814.html", "https://www.redhat.com/security/data/cve/CVE-2013-3829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5820.html", "https://www.redhat.com/security/data/cve/CVE-2013-5778.html", "https://www.redhat.com/security/data/cve/CVE-2013-5825.html", "https://www.redhat.com/security/data/cve/CVE-2013-5842.html", "https://www.redhat.com/security/data/cve/CVE-2013-5829.html", "https://www.redhat.com/security/data/cve/CVE-2013-5772.html", "https://www.redhat.com/security/data/cve/CVE-2013-5803.html", "https://www.redhat.com/security/data/cve/CVE-2013-5797.html", "https://www.redhat.com/security/data/cve/CVE-2013-5830.html", "https://www.redhat.com/security/data/cve/CVE-2013-5809.html", "https://www.redhat.com/security/data/cve/CVE-2013-5782.html", "https://www.redhat.com/security/data/cve/CVE-2013-5840.html", "https://www.redhat.com/security/data/cve/CVE-2013-5774.html", "https://www.redhat.com/security/data/cve/CVE-2013-5838.html", "https://www.redhat.com/security/data/cve/CVE-2013-5800.html", "https://www.redhat.com/security/data/cve/CVE-2013-4002.html", "https://www.redhat.com/security/data/cve/CVE-2013-5851.html", "https://www.redhat.com/security/data/cve/CVE-2013-5850.html", "https://www.redhat.com/security/data/cve/CVE-2013-5823.html", "https://www.redhat.com/security/data/cve/CVE-2013-5817.html", "https://www.redhat.com/security/data/cve/CVE-2013-5790.html", "https://www.redhat.com/security/data/cve/CVE-2013-5780.html", "https://www.redhat.com/security/data/cve/CVE-2013-5783.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html", "https://www.redhat.com/security/data/cve/CVE-2013-5784.html", "https://www.redhat.com/security/data/cve/CVE-2013-5802.html", "https://www.redhat.com/security/data/cve/CVE-2013-5804.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/11/08 02:22:00 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_osvdb_id(95418, 98524, 98525, 98526, 98531, 98532, 98535, 98536, 98544, 98546, 98548, 98549, 98550, 98551, 98552, 98558, 98559, 98560, 98562, 98563, 98564, 98565, 98566, 98567, 98568, 98569, 98571, 98572, 98573);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5800.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5838.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-1447.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "title": "RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:25:55"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "c7edc6c61a927ed317ac130b51fac2d6"}, {"key": "cvelist", "hash": "bbd32ee296cd9916b85e8a3a2785f280"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "f4263cb7ab9b83d87b6d91af466e0d19"}, {"key": "href", "hash": "6b88e9e1569a7e403c2a9fd24de5e45b"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "0f53e31ba1befcd78a8de722fd263e97"}, {"key": "published", "hash": "5b253987191eeddaec27a34011982132"}, {"key": "references", "hash": "7c227a0b29ef5453bb173ec2a39ffd5d"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "4eeb823ca9e01c5a375ca8975dd6a20d"}, {"key": "title", "hash": "4fbd848df540aebf66e3dacc295ede8d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8893ec0d8fb28504c60037f3cd55a74a1df3d37db3b34d276c5736e9614193d2", "viewCount": 4, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70536);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"RHEL 5 : java-1.7.0-openjdk (RHSA-2013:1447)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5838\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5830\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1447\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "70536", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-openjdk-javadoc"]}

{"nessus": [{"lastseen": "2018-12-02T15:42:47", "references": ["https://usn.ubuntu.com/2033-1/"], "pluginID": "71037", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2013-11-22T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2033-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib", "p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2033-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71037", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2033-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71037);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/12/01 13:19:08\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63115, 63118, 63120, 63121, 63128, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"USN\", value:\"2033-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2033-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure and data integrity. An attacker could exploit\nthese to expose sensitive data over the network. (CVE-2013-3829,\nCVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of\nservice. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ndata integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784,\nCVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit these to expose\nsensitive data over the network. (CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker\ncould exploit these to cause a denial of service or expose sensitive\ndata over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809,\nCVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830,\nCVE-2013-5842, CVE-2013-5850).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2033-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-cacao\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:icedtea-6-jre-jamvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openjdk-6-jre-zero\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.6-1ubuntu0.10.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-cacao\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"icedtea-6-jre-jamvm\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-headless\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-lib\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"openjdk-6-jre-zero\", pkgver:\"6b27-1.12.6-1ubuntu0.12.04.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icedtea-6-jre-cacao / icedtea-6-jre-jamvm / openjdk-6-jre / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:58:38", "references": ["http://support.novell.com/security/cve/CVE-2013-5842.html", "http://support.novell.com/security/cve/CVE-2013-5803.html", "http://support.novell.com/security/cve/CVE-2013-5809.html", "http://support.novell.com/security/cve/CVE-2013-5774.html", "http://support.novell.com/security/cve/CVE-2013-5830.html", "http://support.novell.com/security/cve/CVE-2013-5802.html", "http://support.novell.com/security/cve/CVE-2013-5825.html", "http://support.novell.com/security/cve/CVE-2013-5850.html", "http://support.novell.com/security/cve/CVE-2013-5797.html", "http://support.novell.com/security/cve/CVE-2013-5784.html", "http://support.novell.com/security/cve/CVE-2013-3829.html", "http://support.novell.com/security/cve/CVE-2013-5782.html", "http://support.novell.com/security/cve/CVE-2013-5814.html", "http://support.novell.com/security/cve/CVE-2013-5823.html", "http://support.novell.com/security/cve/CVE-2013-5817.html", "http://support.novell.com/security/cve/CVE-2013-5780.html", "http://support.novell.com/security/cve/CVE-2013-5772.html", "http://support.novell.com/security/cve/CVE-2013-5804.html", "http://support.novell.com/security/cve/CVE-2013-5790.html", "http://support.novell.com/security/cve/CVE-2013-5851.html", "http://support.novell.com/security/cve/CVE-2013-5829.html", "http://support.novell.com/security/cve/CVE-2013-5849.html", "http://support.novell.com/security/cve/CVE-2013-5820.html", "http://support.novell.com/security/cve/CVE-2013-4002.html", "http://support.novell.com/security/cve/CVE-2013-5783.html", "https://bugzilla.novell.com/show_bug.cgi?id=852367", "http://support.novell.com/security/cve/CVE-2013-5840.html", "http://support.novell.com/security/cve/CVE-2013-5778.html"], "pluginID": "71171", "description": "OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues :\n\n - S8006900, CVE-2013-3829: Add new date/time capability\n\n - S8008589: Better MBean permission validation\n\n - S8011071, CVE-2013-5780: Better crypto provider handling\n\n - S8011081, CVE-2013-5772: Improve jhat\n\n - S8011157, CVE-2013-5814: Improve CORBA portablility\n\n - S8012071, CVE-2013-5790: Better Building of Beans\n\n - S8012147: Improve tool support\n\n - S8012277: CVE-2013-5849: Improve AWT DataFlavor\n\n - S8012425, CVE-2013-5802: Transform TransformerFactory\n\n - S8013503, CVE-2013-5851: Improve stream factories\n\n - S8013506: Better Pack200 data handling\n\n - S8013510, CVE-2013-5809: Augment image writing code\n\n - S8013514: Improve stability of cmap class\n\n - S8013739, CVE-2013-5817: Better LDAP resource management\n\n - S8013744, CVE-2013-5783: Better tabling for AWT\n\n - S8014085: Better serialization support in JMX classes\n\n - S8014093, CVE-2013-5782: Improve parsing of images\n\n - S8014102, CVE-2013-5778: Improve image conversion\n\n - S8014341, CVE-2013-5803: Better service from Kerberos servers\n\n - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations\n\n - S8014530, CVE-2013-5825: Better digital signature processing\n\n - S8014534: Better profiling support\n\n - S8014987, CVE-2013-5842: Augment serialization handling\n\n - S8015614: Update build settings\n\n - S8015731: Subject java.security.auth.subject to improvements\n\n - S8015743, CVE-2013-5774: Address internet addresses\n\n - S8016256: Make finalization final\n\n - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names\n\n - S8016675, CVE-2013-5797: Make Javadoc pages more robust\n\n - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately\n\n - S8017287, CVE-2013-5829: Better resource disposal\n\n - S8017291, CVE-2013-5830: Cast Proxies Aside\n\n - S8017298, CVE-2013-4002: Better XML support\n\n - S8017300, CVE-2013-5784: Improve Interface Implementation\n\n - S8017505, CVE-2013-5820: Better Client Service\n\n - S8019292: Better Attribute Value Exceptions\n\n - S8019617: Better view of objects\n\n - S8020293: JVM crash\n\n - S8021290, CVE-2013-5823: Better signature validation\n\n - S8022940: Enhance CORBA translations\n\n - S8023683: Enhance class file parsing", "edition": 4, "reporter": "Tenable", "published": "2013-12-03T00:00:00", "title": "SuSE 11.2 Security Update : OpenJDK 1.6 (SAT Patch Number 8598)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-12-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo"], "id": "SUSE_11_JAVA-1_6_0-OPENJDK-131129.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71171", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71171);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/12/03 12:13:22 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n\n script_name(english:\"SuSE 11.2 Security Update : OpenJDK 1.6 (SAT Patch Number 8598)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which\nincludes many fixes for bugs and security issues :\n\n - S8006900, CVE-2013-3829: Add new date/time capability\n\n - S8008589: Better MBean permission validation\n\n - S8011071, CVE-2013-5780: Better crypto provider handling\n\n - S8011081, CVE-2013-5772: Improve jhat\n\n - S8011157, CVE-2013-5814: Improve CORBA portablility\n\n - S8012071, CVE-2013-5790: Better Building of Beans\n\n - S8012147: Improve tool support\n\n - S8012277: CVE-2013-5849: Improve AWT DataFlavor\n\n - S8012425, CVE-2013-5802: Transform TransformerFactory\n\n - S8013503, CVE-2013-5851: Improve stream factories\n\n - S8013506: Better Pack200 data handling\n\n - S8013510, CVE-2013-5809: Augment image writing code\n\n - S8013514: Improve stability of cmap class\n\n - S8013739, CVE-2013-5817: Better LDAP resource management\n\n - S8013744, CVE-2013-5783: Better tabling for AWT\n\n - S8014085: Better serialization support in JMX classes\n\n - S8014093, CVE-2013-5782: Improve parsing of images\n\n - S8014102, CVE-2013-5778: Improve image conversion\n\n - S8014341, CVE-2013-5803: Better service from Kerberos\n servers\n\n - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass\n problematic in some class loader configurations\n\n - S8014530, CVE-2013-5825: Better digital signature\n processing\n\n - S8014534: Better profiling support\n\n - S8014987, CVE-2013-5842: Augment serialization handling\n\n - S8015614: Update build settings\n\n - S8015731: Subject java.security.auth.subject to\n improvements\n\n - S8015743, CVE-2013-5774: Address internet addresses\n\n - S8016256: Make finalization final\n\n - S8016653, CVE-2013-5804: javadoc should ignore\n ignoreable characters in names\n\n - S8016675, CVE-2013-5797: Make Javadoc pages more robust\n\n - S8017196, CVE-2013-5850: Ensure Proxies are handled\n appropriately\n\n - S8017287, CVE-2013-5829: Better resource disposal\n\n - S8017291, CVE-2013-5830: Cast Proxies Aside\n\n - S8017298, CVE-2013-4002: Better XML support\n\n - S8017300, CVE-2013-5784: Improve Interface\n Implementation\n\n - S8017505, CVE-2013-5820: Better Client Service\n\n - S8019292: Better Attribute Value Exceptions\n\n - S8019617: Better view of objects\n\n - S8020293: JVM crash\n\n - S8021290, CVE-2013-5823: Better signature validation\n\n - S8022940: Enhance CORBA translations\n\n - S8023683: Enhance class file parsing\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5772.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5774.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5778.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5780.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5782.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5783.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5784.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5790.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5797.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5802.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5803.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5804.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5809.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5814.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5817.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5820.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5825.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5829.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5830.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5840.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5842.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5849.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5850.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-5851.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8598.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.7-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:59:08", "references": ["https://access.redhat.com/security/cve/cve-2013-5783", "https://access.redhat.com/security/cve/cve-2013-5817", "https://access.redhat.com/security/cve/cve-2013-5802", "https://access.redhat.com/security/cve/cve-2013-5823", "https://access.redhat.com/security/cve/cve-2013-5804", "https://access.redhat.com/security/cve/cve-2013-5840", "https://access.redhat.com/security/cve/cve-2013-5790", "https://access.redhat.com/security/cve/cve-2013-5814", "https://access.redhat.com/security/cve/cve-2013-5780", "https://access.redhat.com/security/cve/cve-2013-5803", "https://access.redhat.com/security/cve/cve-2013-5778", "https://access.redhat.com/security/cve/cve-2013-5782", "https://access.redhat.com/errata/RHSA-2013:1505", "https://access.redhat.com/security/cve/cve-2013-4002", "https://access.redhat.com/security/cve/cve-2013-5825", "https://access.redhat.com/security/cve/cve-2013-5820", "https://access.redhat.com/security/cve/cve-2013-5809", "https://access.redhat.com/security/cve/cve-2013-5797", "https://access.redhat.com/security/cve/cve-2013-5842", "https://access.redhat.com/security/cve/cve-2013-5830", "https://access.redhat.com/security/cve/cve-2013-5850", "https://access.redhat.com/security/cve/cve-2013-5784", "https://access.redhat.com/security/cve/cve-2013-5774", "https://access.redhat.com/security/cve/cve-2013-5849", "https://access.redhat.com/security/cve/cve-2013-5829", "https://access.redhat.com/security/cve/cve-2013-5772", "https://access.redhat.com/security/cve/cve-2013-3829"], "pluginID": "70771", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 8, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1505)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-1505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1505. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70771);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:53\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1505)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-5830\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1505\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T12:39:47", "references": ["http://www.nessus.org/u?0fbe45b5", "http://www.nessus.org/u?957b7cd5"], "pluginID": "70769", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1505)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-1505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1505 and \n# CentOS Errata and Security Advisory 2013:1505 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70769);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1505)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0fbe45b5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?957b7cd5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:42:16", "references": ["https://alas.aws.amazon.com/ALAS-2013-246.html"], "pluginID": "70908", "description": "Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 , CVE-2013-5842 , CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825 , CVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829 , CVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 , CVE-2013-5820 , CVE-2013-5849 , CVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)", "edition": 5, "reporter": "Tenable", "published": "2013-11-14T00:00:00", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-246)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"], "id": "ALA_ALAS-2013-246.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70908", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-246.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70908);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"ALAS\", value:\"2013-246\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-246)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 ,\nCVE-2013-5842 , CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825 ,\nCVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829 ,\nCVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 , CVE-2013-5820 ,\nCVE-2013-5849 , CVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-246.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:10:17", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-November/003790.html", "https://oss.oracle.com/pipermail/el-errata/2013-November/003789.html"], "pluginID": "70770", "description": "From Red Hat Security Advisory 2013:1505 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1505)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-1505.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70770", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1505 and \n# Oracle Linux Security Advisory ELSA-2013-1505 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70770);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_xref(name:\"RHSA\", value:\"2013:1505\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1505)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1505 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003789.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-November/003790.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.0.1.el5_10\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-01T04:08:14", "references": ["http://www.nessus.org/u?62eef91c"], "pluginID": "70772", "description": "Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross- site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-11-06T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-12-31T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20131105_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70772);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:01\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components\nin OpenJDK. An untrusted Java application or applet could use these\nflaws to bypass certain Java sandbox restrictions. (CVE-2013-3829,\nCVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross- site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1311&L=scientific-linux-errata&T=0&P=458\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62eef91c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-11T12:57:15", "references": ["http://www.nessus.org/u?93fe9b07"], "pluginID": "70547", "description": "Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2013-10-23T00:00:00", "title": "CentOS 5 : java-1.7.0-openjdk (CESA-2013:1447)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel", "p-cpe:/a:centos:centos:java-1.7.0-openjdk", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc"], "id": "CENTOS_RHSA-2013-1447.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70547", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1447 and \n# CentOS Errata and Security Advisory 2013:1447 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70547);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1447\");\n\n script_name(english:\"CentOS 5 : java-1.7.0-openjdk (CESA-2013:1447)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-October/019980.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?93fe9b07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:40:01", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-October/003754.html"], "pluginID": "70551", "description": "From Red Hat Security Advisory 2013:1451 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2013-10-23T00:00:00", "title": "Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-1451)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2015-12-01T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.7.0-openjdk"], "id": "ORACLELINUX_ELSA-2013-1451.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70551", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1451 and \n# Oracle Linux Security Advisory ELSA-2013-1451 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70551);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/12/01 17:16:05 $\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_bugtraq_id(61310, 63082, 63089, 63095, 63098, 63101, 63102, 63103, 63106, 63110, 63111, 63115, 63118, 63120, 63121, 63128, 63131, 63133, 63134, 63135, 63137, 63142, 63143, 63146, 63148, 63149, 63150, 63153, 63154);\n script_xref(name:\"RHSA\", value:\"2013:1451\");\n\n script_name(english:\"Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-1451)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1451 :\n\nUpdated java-1.7.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5842, CVE-2013-5850, CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825,\nCVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783,\nCVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849,\nCVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804, CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package\nwas installed, the issues exposed via Java applets could have been\nexploited without user interaction if a user visited a malicious\nwebsite.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-October/003754.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.7.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.0.1.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.0.1.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.0.1.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.0.1.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:09:24", "references": ["https://alas.aws.amazon.com/ALAS-2013-235.html"], "pluginID": "70897", "description": "Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 , CVE-2013-5842 , CVE-2013-5850 , CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825 , CVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829 , CVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 , CVE-2013-5820 , CVE-2013-5851 , CVE-2013-5800 , CVE-2013-5849 , CVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)", "edition": 5, "reporter": "Tenable", "published": "2013-11-14T00:00:00", "title": "Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.7.0-openjdk", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-235.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=70897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-235.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70897);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5800\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5838\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\", \"CVE-2013-5851\");\n script_xref(name:\"ALAS\", value:\"2013-235\");\n script_xref(name:\"RHSA\", value:\"2013:1451\");\n\n script_name(english:\"Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple input checking flaws were found in the 2D component native\nimage parsing code. A specially crafted image file could trigger a\nJava Virtual Machine memory corruption and, possibly, lead to\narbitrary code execution with the privileges of the user running the\nJava Virtual Machine. (CVE-2013-5782)\n\nThe class loader did not properly check the package access for\nnon-public proxy classes. A remote attacker could possibly use this\nflaw to execute arbitrary code with the privileges of the user running\nthe Java Virtual Machine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D,\nCORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java\napplication or applet could use these flaws to bypass Java sandbox\nrestrictions. (CVE-2013-5829 , CVE-2013-5814 , CVE-2013-5817 ,\nCVE-2013-5842 , CVE-2013-5850 , CVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image\nreading and writing code in the 2D component. An untrusted Java\napplication or applet could use these flaws to corrupt the Java\nVirtual Machine memory and bypass Java sandbox restrictions.\n(CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use\nthis flaw to supply a crafted XML that would be processed without the\nintended security restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security\ncomponents processes XML inputs. A remote attacker could create a\ncrafted XML that would cause a Java application to use an excessive\namount of CPU and memory when processed. (CVE-2013-5825 ,\nCVE-2013-4002 , CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the\nLibraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting\ncomponents in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass certain Java sandbox restrictions.\n(CVE-2013-3829 , CVE-2013-5840 , CVE-2013-5774 , CVE-2013-5783 ,\nCVE-2013-5820 , CVE-2013-5851 , CVE-2013-5800 , CVE-2013-5849 ,\nCVE-2013-5790 , CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the\nJava Virtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When\njavadoc documentation was generated from an untrusted Java source code\nand hosted on a domain not controlled by the code author, these issues\ncould make it easier to perform cross-site scripting attacks.\n(CVE-2013-5804 , CVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings\nreturned by toString() methods. These flaws could possibly lead to an\nunexpected exposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data\nadded into the HTML pages it generated. Crafted content in the memory\nof a Java program analyzed using jhat could possibly be used to\nconduct cross-site scripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using\nJGSS to exit. (CVE-2013-5803)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-235.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.7.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.7.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-openjdk / java-1.7.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-01-26T11:10:03", "references": ["2033-1", "http://www.ubuntu.com/usn/usn-2033-1/"], "pluginID": "841636", "description": "Check for the Version of openjdk-6", "edition": 4, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "published": "2013-11-26T00:00:00", "title": "Ubuntu Update for openjdk-6 USN-2033-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841636", "id": "OPENVAS:841636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2033_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# Ubuntu Update for openjdk-6 USN-2033-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841636);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 11:26:48 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-5783\", \"CVE-2013-5804\", \"CVE-2013-4002\",\n \"CVE-2013-5803\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5772\",\n \"CVE-2013-5774\", \"CVE-2013-5784\", \"CVE-2013-5797\", \"CVE-2013-5820\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5790\", \"CVE-2013-5840\",\n \"CVE-2013-5849\", \"CVE-2013-5851\", \"CVE-2013-5782\", \"CVE-2013-5802\",\n \"CVE-2013-5809\", \"CVE-2013-5829\", \"CVE-2013-5814\", \"CVE-2013-5817\",\n \"CVE-2013-5830\", \"CVE-2013-5842\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2033-1\");\n\n tag_insight = \"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure and data integrity. An attacker could\nexploit these to expose sensitive data over the network. (CVE-2013-3829,\nCVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of service.\n(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,\nCVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790,\nCVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could\nexploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)\";\n\n tag_affected = \"openjdk-6 on Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2033-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2033-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of openjdk-6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:41", "references": ["http://linux.oracle.com/errata/ELSA-2013-1505.html"], "pluginID": "1361412562310123534", "description": "Oracle Linux Local Security Checks ELSA-2013-1505", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2013-1505", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123534", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1505.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123534\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:05:11 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1505\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1505 - java-1.6.0-openjdk security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1505\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1505.html\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\", \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\", \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.0.1.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:04:30", "references": ["2033-1", "http://www.ubuntu.com/usn/usn-2033-1/"], "pluginID": "1361412562310841636", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "published": "2013-11-26T00:00:00", "title": "Ubuntu Update for openjdk-6 USN-2033-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310841636", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841636", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2033_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# Ubuntu Update for openjdk-6 USN-2033-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841636\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 11:26:48 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-5783\", \"CVE-2013-5804\", \"CVE-2013-4002\",\n \"CVE-2013-5803\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5772\",\n \"CVE-2013-5774\", \"CVE-2013-5784\", \"CVE-2013-5797\", \"CVE-2013-5820\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5790\", \"CVE-2013-5840\",\n \"CVE-2013-5849\", \"CVE-2013-5851\", \"CVE-2013-5782\", \"CVE-2013-5802\",\n \"CVE-2013-5809\", \"CVE-2013-5829\", \"CVE-2013-5814\", \"CVE-2013-5817\",\n \"CVE-2013-5830\", \"CVE-2013-5842\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for openjdk-6 USN-2033-1\");\n\n\n script_tag(name:\"affected\", value:\"openjdk-6 on Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities were discovered in the OpenJDK JRE\nrelated to information disclosure and data integrity. An attacker could\nexploit these to expose sensitive data over the network. (CVE-2013-3829,\nCVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\navailability. An attacker could exploit these to cause a denial of service.\n(CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data\nintegrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797,\nCVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure. An attacker could exploit these to expose sensitive\ndata over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790,\nCVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to\ninformation disclosure, data integrity and availability. An attacker could\nexploit these to cause a denial of service or expose sensitive data over\nthe network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2033-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2033-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openjdk-6'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-jamvm\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.12.04.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"icedtea-6-jre-cacao\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-headless\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-lib\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openjdk-6-jre-zero\", ver:\"6b27-1.12.6-1ubuntu0.10.04.4\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:09:32", "references": ["2013:1505-01", "https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html"], "pluginID": "871062", "description": "Check for the Version of java-1.6.0-openjdk", "edition": 3, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-01-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871062", "id": "OPENVAS:871062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871062);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:38:16 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1505-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:56:17", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html"], "pluginID": "1361412562310881822", "description": "Check for the Version of java", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "CentOS Update for java CESA-2013:1505 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881822\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:49:01 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos5 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T14:33:31", "references": ["https://alas.aws.amazon.com/ALAS-2013-246.html"], "pluginID": "1361412562310120121", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: alas-2013-246", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120121", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-246.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120121\");\n script_version(\"$Revision: 11711 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:55 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 14:30:57 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2013-246\");\n script_tag(name:\"insight\", value:\"Multiple flaws were discovered in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-246.html\");\n script_cve_id(\"CVE-2013-5802\", \"CVE-2013-5803\", \"CVE-2013-5814\", \"CVE-2013-5817\", \"CVE-2013-5849\", \"CVE-2013-5797\", \"CVE-2013-5809\", \"CVE-2013-5842\", \"CVE-2013-5850\", \"CVE-2013-5790\", \"CVE-2013-5780\", \"CVE-2013-5783\", \"CVE-2013-3829\", \"CVE-2013-5782\", \"CVE-2013-5772\", \"CVE-2013-5774\", \"CVE-2013-5804\", \"CVE-2013-5778\", \"CVE-2013-5829\", \"CVE-2013-4002\", \"CVE-2013-5784\", \"CVE-2013-5820\", \"CVE-2013-5840\", \"CVE-2013-5823\", \"CVE-2013-5825\", \"CVE-2013-5830\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~65.1.11.14.57.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:51:49", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html"], "pluginID": "881819", "description": "Check for the Version of java", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "CentOS Update for java CESA-2013:1505 centos6 ", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881819", "id": "OPENVAS:881819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881819);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:44:42 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos6 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:55:58", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html"], "pluginID": "1361412562310881819", "description": "Check for the Version of java", "edition": 4, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "CentOS Update for java CESA-2013:1505 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310881819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881819", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881819\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:44:42 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos6 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 6\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-23T15:15:39", "references": ["2013:1505-01", "https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html"], "pluginID": "1361412562310871062", "description": "The remote host is missing an update for the ", "edition": 6, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871062\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:38:16 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01\");\n\n\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1505-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00001.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.65.1.11.14.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:51:33", "references": ["2013:1505", "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html"], "pluginID": "881822", "description": "Check for the Version of java", "edition": 2, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-11-08T00:00:00", "title": "CentOS Update for java CESA-2013:1505 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881822", "id": "OPENVAS:881822", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1505 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881822);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-08 10:49:01 +0530 (Fri, 08 Nov 2013)\");\n script_cve_id(\"CVE-2013-3829\", \"CVE-2013-4002\", \"CVE-2013-5772\", \"CVE-2013-5774\",\n \"CVE-2013-5778\", \"CVE-2013-5780\", \"CVE-2013-5782\", \"CVE-2013-5783\",\n \"CVE-2013-5784\", \"CVE-2013-5790\", \"CVE-2013-5797\", \"CVE-2013-5802\",\n \"CVE-2013-5803\", \"CVE-2013-5804\", \"CVE-2013-5809\", \"CVE-2013-5814\",\n \"CVE-2013-5817\", \"CVE-2013-5820\", \"CVE-2013-5823\", \"CVE-2013-5825\",\n \"CVE-2013-5829\", \"CVE-2013-5830\", \"CVE-2013-5840\", \"CVE-2013-5842\",\n \"CVE-2013-5849\", \"CVE-2013-5850\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1505 centos5 \");\n\n tag_insight = \"The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasie ... \n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"java on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2013:1505\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.42.1.11.14.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:52", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5849", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5804", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5780", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5850", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5820", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5823", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5802", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5842", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-3829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5803", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5814", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4002", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5840", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5825", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5772", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5817", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5830", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5797", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5778", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5782", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5774", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5851", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5809"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-6-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "6b27-1.12.6-1ubuntu0.12.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "6b27-1.12.6-1ubuntu0.10.04.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-6-jre-zero", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850)", "edition": 3, "reporter": "Ubuntu", "published": "2013-11-21T00:00:00", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-21T00:00:00", "id": "USN-2033-1", "href": "https://usn.ubuntu.com/2033-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:26", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5783", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5849", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5878", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5804", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0373", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5784", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5800", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5780", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5850", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5820", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5823", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5884", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5802", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5842", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-3829", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5806", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5803", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0416", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5893", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5896", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5814", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-4002", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0368", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5790", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0428", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0423", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5910", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5840", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0376", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5825", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5772", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5817", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5805", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5830", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0408", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5797", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5778", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5782", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0411", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5774", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0422", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5907", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5851", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-5809"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-cacao", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "7u51-2.4.4-0ubuntu0.13.10.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "icedtea-7-jre-jamvm", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-zero", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "13.04", "packageVersion": "7u51-2.4.4-0ubuntu0.13.04.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-headless", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.10", "packageVersion": "7u51-2.4.4-0ubuntu0.12.10.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "openjdk-7-jre-lib", "operator": "lt"}], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-3829, CVE-2013-5783, CVE-2013-5804, CVE-2014-0411)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-4002, CVE-2013-5803, CVE-2013-5823, CVE-2013-5825, CVE-2013-5896, CVE-2013-5910)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-5772, CVE-2013-5774, CVE-2013-5784, CVE-2013-5797, CVE-2013-5820, CVE-2014-0376, CVE-2014-0416)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5778, CVE-2013-5780, CVE-2013-5790, CVE-2013-5800, CVE-2013-5840, CVE-2013-5849, CVE-2013-5851, CVE-2013-5884, CVE-2014-0368)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5782, CVE-2013-5802, CVE-2013-5809, CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5830, CVE-2013-5842, CVE-2013-5850, CVE-2013-5878, CVE-2013-5893, CVE-2013-5907, CVE-2014-0373, CVE-2014-0408, CVE-2014-0422, CVE-2014-0428)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to expose sensitive data over the network or cause a denial of service. (CVE-2014-0423)", "edition": 3, "reporter": "Ubuntu", "published": "2014-01-23T00:00:00", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5884", "CVE-2013-5893", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2014-0373", "CVE-2013-5806", "CVE-2013-5805", "CVE-2014-0408", "CVE-2013-5825", "CVE-2014-0376", "CVE-2014-0422", "CVE-2014-0411", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5896", "CVE-2013-5780", "CVE-2013-5910", "CVE-2014-0428", "CVE-2013-5814", "CVE-2014-0368", "CVE-2014-0423", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5907", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2014-0416", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-01-23T00:00:00", "id": "USN-2089-1", "href": "https://usn.ubuntu.com/2089-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:20", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1505.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-65.1.11.14.57.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5782 __](<https://access.redhat.com/security/cve/CVE-2013-5782>))\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5830 __](<https://access.redhat.com/security/cve/CVE-2013-5830>))\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-5829 __](<https://access.redhat.com/security/cve/CVE-2013-5829>), [CVE-2013-5814 __](<https://access.redhat.com/security/cve/CVE-2013-5814>), [CVE-2013-5817 __](<https://access.redhat.com/security/cve/CVE-2013-5817>), [CVE-2013-5842 __](<https://access.redhat.com/security/cve/CVE-2013-5842>), [CVE-2013-5850 __](<https://access.redhat.com/security/cve/CVE-2013-5850>))\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. ([CVE-2013-5809 __](<https://access.redhat.com/security/cve/CVE-2013-5809>))\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. ([CVE-2013-5802 __](<https://access.redhat.com/security/cve/CVE-2013-5802>))\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. ([CVE-2013-5825 __](<https://access.redhat.com/security/cve/CVE-2013-5825>), [CVE-2013-4002 __](<https://access.redhat.com/security/cve/CVE-2013-4002>), [CVE-2013-5823 __](<https://access.redhat.com/security/cve/CVE-2013-5823>))\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-3829 __](<https://access.redhat.com/security/cve/CVE-2013-3829>), [CVE-2013-5840 __](<https://access.redhat.com/security/cve/CVE-2013-5840>), [CVE-2013-5774 __](<https://access.redhat.com/security/cve/CVE-2013-5774>), [CVE-2013-5783 __](<https://access.redhat.com/security/cve/CVE-2013-5783>), [CVE-2013-5820 __](<https://access.redhat.com/security/cve/CVE-2013-5820>), [CVE-2013-5849 __](<https://access.redhat.com/security/cve/CVE-2013-5849>), [CVE-2013-5790 __](<https://access.redhat.com/security/cve/CVE-2013-5790>), [CVE-2013-5784 __](<https://access.redhat.com/security/cve/CVE-2013-5784>))\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. ([CVE-2013-5778 __](<https://access.redhat.com/security/cve/CVE-2013-5778>))\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks. ([CVE-2013-5804 __](<https://access.redhat.com/security/cve/CVE-2013-5804>), [CVE-2013-5797 __](<https://access.redhat.com/security/cve/CVE-2013-5797>))\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. ([CVE-2013-5780 __](<https://access.redhat.com/security/cve/CVE-2013-5780>))\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. ([CVE-2013-5772 __](<https://access.redhat.com/security/cve/CVE-2013-5772>))\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. ([CVE-2013-5803 __](<https://access.redhat.com/security/cve/CVE-2013-5803>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-65.1.11.14.57.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-16T21:54:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:20", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-09-16T21:54:00", "id": "ALAS-2013-246", "href": "https://alas.aws.amazon.com/ALAS-2013-246.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:16", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1451.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.32.amzn1.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.7.0.45-2.4.3.2.32.amzn1", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.x86_64.rpm", "packageName": "java-1.7.0-openjdk-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5782 __](<https://access.redhat.com/security/cve/CVE-2013-5782>))\n\nThe class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. ([CVE-2013-5830 __](<https://access.redhat.com/security/cve/CVE-2013-5830>))\n\nMultiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-5829 __](<https://access.redhat.com/security/cve/CVE-2013-5829>), [CVE-2013-5814 __](<https://access.redhat.com/security/cve/CVE-2013-5814>), [CVE-2013-5817 __](<https://access.redhat.com/security/cve/CVE-2013-5817>), [CVE-2013-5842 __](<https://access.redhat.com/security/cve/CVE-2013-5842>), [CVE-2013-5850 __](<https://access.redhat.com/security/cve/CVE-2013-5850>), [CVE-2013-5838 __](<https://access.redhat.com/security/cve/CVE-2013-5838>))\n\nMultiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. ([CVE-2013-5809 __](<https://access.redhat.com/security/cve/CVE-2013-5809>))\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. ([CVE-2013-5802 __](<https://access.redhat.com/security/cve/CVE-2013-5802>))\n\nMultiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. ([CVE-2013-5825 __](<https://access.redhat.com/security/cve/CVE-2013-5825>), [CVE-2013-4002 __](<https://access.redhat.com/security/cve/CVE-2013-4002>), [CVE-2013-5823 __](<https://access.redhat.com/security/cve/CVE-2013-5823>))\n\nMultiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2013-3829 __](<https://access.redhat.com/security/cve/CVE-2013-3829>), [CVE-2013-5840 __](<https://access.redhat.com/security/cve/CVE-2013-5840>), [CVE-2013-5774 __](<https://access.redhat.com/security/cve/CVE-2013-5774>), [CVE-2013-5783 __](<https://access.redhat.com/security/cve/CVE-2013-5783>), [CVE-2013-5820 __](<https://access.redhat.com/security/cve/CVE-2013-5820>), [CVE-2013-5851 __](<https://access.redhat.com/security/cve/CVE-2013-5851>), [CVE-2013-5800 __](<https://access.redhat.com/security/cve/CVE-2013-5800>), [CVE-2013-5849 __](<https://access.redhat.com/security/cve/CVE-2013-5849>), [CVE-2013-5790 __](<https://access.redhat.com/security/cve/CVE-2013-5790>), [CVE-2013-5784 __](<https://access.redhat.com/security/cve/CVE-2013-5784>))\n\nIt was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. ([CVE-2013-5778 __](<https://access.redhat.com/security/cve/CVE-2013-5778>))\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks. ([CVE-2013-5804 __](<https://access.redhat.com/security/cve/CVE-2013-5804>), [CVE-2013-5797 __](<https://access.redhat.com/security/cve/CVE-2013-5797>))\n\nVarious OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. ([CVE-2013-5780 __](<https://access.redhat.com/security/cve/CVE-2013-5780>))\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. ([CVE-2013-5772 __](<https://access.redhat.com/security/cve/CVE-2013-5772>))\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. ([CVE-2013-5803 __](<https://access.redhat.com/security/cve/CVE-2013-5803>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.32.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.32.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-16T21:45:00", "title": "Critical: java-1.7.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:16", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-09-16T21:45:00", "id": "ALAS-2013-235", "href": "https://alas.aws.amazon.com/ALAS-2013-235.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:18", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1319.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-scripts", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-other", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-apis", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-xni", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2-javadoc-impl", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "noarch", "packageFilename": "xerces-j2-2.7.1-12.7.19.amzn1.noarch.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.1-12.7.19.amzn1", "arch": "src", "packageFilename": "xerces-j2-2.7.1-12.7.19.amzn1.src.rpm", "packageName": "xerces-j2", "operator": "lt"}], "description": "**Issue Overview:**\n\nA resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU.\n\n \n**Affected Packages:** \n\n\nxerces-j2\n\n \n**Issue Correction:** \nRun _yum update xerces-j2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n xerces-j2-javadoc-apis-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-javadoc-xni-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-javadoc-other-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-demo-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-scripts-2.7.1-12.7.19.amzn1.noarch \n xerces-j2-javadoc-impl-2.7.1-12.7.19.amzn1.noarch \n \n src: \n xerces-j2-2.7.1-12.7.19.amzn1.src \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-11-01T14:05:00", "title": "Medium: xerces-j2", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:18", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "modified": "2014-11-01T14:05:00", "id": "ALAS-2014-436", "href": "https://alas.aws.amazon.com/ALAS-2014-436.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-10-02T16:55:30", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0408.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-67.1.13.3.64.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-67.1.13.3.64.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-67.1.13.3.64.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-67.1.13.3.64.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-67.1.13.3.64.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-67.1.13.3.64.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-67.1.13.3.64.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-67.1.13.3.64.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-67.1.13.3.64.amzn1.x86_64.rpm", "packageName": "java-1.6.0-openjdk-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "1.6.0.0-67.1.13.3.64.amzn1", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-67.1.13.3.64.amzn1.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}], "description": "**Issue Overview:**\n\nAn input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. ([CVE-2014-0429 __](<https://access.redhat.com/security/cve/CVE-2014-0429>))\n\nMultiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. ([CVE-2014-0456 __](<https://access.redhat.com/security/cve/CVE-2014-0456>), [CVE-2014-2397 __](<https://access.redhat.com/security/cve/CVE-2014-2397>), [CVE-2014-2421 __](<https://access.redhat.com/security/cve/CVE-2014-2421>))\n\nMultiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2014-0457 __](<https://access.redhat.com/security/cve/CVE-2014-0457>), [CVE-2014-0461 __](<https://access.redhat.com/security/cve/CVE-2014-0461>))\n\nMultiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. ([CVE-2014-2412 __](<https://access.redhat.com/security/cve/CVE-2014-2412>), [CVE-2014-0451 __](<https://access.redhat.com/security/cve/CVE-2014-0451>), [CVE-2014-0458 __](<https://access.redhat.com/security/cve/CVE-2014-0458>), [CVE-2014-2423 __](<https://access.redhat.com/security/cve/CVE-2014-2423>), [CVE-2014-0452 __](<https://access.redhat.com/security/cve/CVE-2014-0452>), [CVE-2014-2414 __](<https://access.redhat.com/security/cve/CVE-2014-2414>), [CVE-2014-0446 __](<https://access.redhat.com/security/cve/CVE-2014-0446>), [CVE-2014-2427 __](<https://access.redhat.com/security/cve/CVE-2014-2427>))\n\nMultiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. ([CVE-2014-0460 __](<https://access.redhat.com/security/cve/CVE-2014-0460>))\n\nIt was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. ([CVE-2014-2403 __](<https://access.redhat.com/security/cve/CVE-2014-2403>))\n\nIt was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. ([CVE-2014-0453 __](<https://access.redhat.com/security/cve/CVE-2014-0453>))\n\nIt was discovered that the fix for [CVE-2013-5797 __](<https://access.redhat.com/security/cve/CVE-2013-5797>) did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. ([CVE-2014-2398 __](<https://access.redhat.com/security/cve/CVE-2014-2398>))\n\nAn insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. ([CVE-2014-1876 __](<https://access.redhat.com/security/cve/CVE-2014-1876>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-demo-1.6.0.0-67.1.13.3.64.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-67.1.13.3.64.amzn1.i686 \n java-1.6.0-openjdk-src-1.6.0.0-67.1.13.3.64.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-67.1.13.3.64.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-67.1.13.3.64.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-devel-1.6.0.0-67.1.13.3.64.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-67.1.13.3.64.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-67.1.13.3.64.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-67.1.13.3.64.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-67.1.13.3.64.amzn1.x86_64 \n java-1.6.0-openjdk-1.6.0.0-67.1.13.3.64.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2014-09-18T00:22:00", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:30", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2397", "CVE-2014-0457", "CVE-2014-0446", "CVE-2014-1876", "CVE-2014-0458", "CVE-2014-2427", "CVE-2014-0453", "CVE-2014-0461", "CVE-2014-0456", "CVE-2014-0429", "CVE-2014-2403", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-0460", "CVE-2014-2423", "CVE-2014-2398", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-2414", "CVE-2013-5797"], "modified": "2014-09-18T00:22:00", "id": "ALAS-2014-326", "href": "https://alas.aws.amazon.com/ALAS-2014-326.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:12", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1505.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "any", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "any", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-javadoc", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-demo", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "i386", "packageName": "java-1.6.0-openjdk-devel", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.el5_10.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-src", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1505\n\n\nThe java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-November/020016.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-November/020019.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1505.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-11-05T20:45:16", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-05T21:41:40", "href": "http://lists.centos.org/pipermail/centos-announce/2013-November/020016.html", "id": "CESA-2013:1505", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:31", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1447.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.src.rpm", "packageName": "java-1.7.0-openjdk", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1447\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-October/019980.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1447.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-10-22T07:41:01", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "title": "java security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-22T07:41:01", "href": "http://lists.centos.org/pipermail/centos-announce/2013-October/019980.html", "id": "CESA-2013:1447", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:25:08", "references": ["https://rhn.redhat.com/errata/RHSA-2013-1451.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "any", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "noarch", "packageName": "java-1.7.0-openjdk-javadoc", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.el6_4.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-src", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-demo", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "x86_64", "packageName": "java-1.7.0-openjdk-devel", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.el6_4.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:1451\n\n\nThe java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-October/019985.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1451.html", "edition": 1, "reporter": "CentOS Project", "published": "2013-10-23T11:04:05", "title": "java security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-23T11:04:05", "href": "http://lists.centos.org/pipermail/centos-announce/2013-October/019985.html", "id": "CESA-2013:1451", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:24:55", "references": ["https://rhn.redhat.com/errata/RHSA-2014-1319.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "any", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-xni", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-impl", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-other", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageName": "xerces-j2-javadoc", "packageFilename": "xerces-j2-javadoc-2.11.0-17.el7_0.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.11.0-17.el7_0.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-scripts", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-impl", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-demo", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-apis", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-apis", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "any", "packageName": "xerces-j2", "packageFilename": "xerces-j2-2.11.0-17.el7_0.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-demo", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-scripts", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageName": "xerces-j2-demo", "packageFilename": "xerces-j2-demo-2.11.0-17.el7_0.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageName": "xerces-j2-javadoc-xni", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageName": "xerces-j2-javadoc-other", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:1319\n\n\nApache Xerces for Java (Xerces-J) is a high performance, standards\ncompliant, validating XML parser written in Java. The xerces-j2 packages\nprovide Xerces-J version 2.\n\nA resource consumption issue was found in the way Xerces-J handled XML\ndeclarations. A remote attacker could use an XML document with a specially\ncrafted declaration using a long pseudo-attribute name that, when parsed by\nan application using Xerces-J, would cause that application to use an\nexcessive amount of CPU. (CVE-2013-4002)\n\nAll xerces-j2 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. Applications using the\nXerces-J must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020603.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-September/020605.html\n\n**Affected packages:**\nxerces-j2\nxerces-j2-demo\nxerces-j2-javadoc\nxerces-j2-javadoc-apis\nxerces-j2-javadoc-impl\nxerces-j2-javadoc-other\nxerces-j2-javadoc-xni\nxerces-j2-scripts\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1319.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-09-30T10:18:46", "title": "xerces security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "modified": "2014-09-30T10:59:34", "href": "http://lists.centos.org/pipermail/centos-announce/2014-September/020603.html", "id": "CESA-2014:1319", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.el5_10", "arch": "x86_64", "packageName": "java-1.6.0-openjdk-debuginfo", "packageFilename": "java-1.6.0-openjdk-debuginfo-1.6.0.0-1.42.1.11.14.el5_10.x86_64.rpm", "operator": "lt"}], "description": "The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime\nEnvironment and the OpenJDK 6 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,\nCVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-11-05T05:00:00", "type": "redhat", "title": "(RHSA-2013:1505) Important: java-1.6.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:34", "id": "RHSA-2013:1505", "href": "https://access.redhat.com/errata/RHSA-2013:1505", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:45:45", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.1.el5_10.i386.rpm", "operator": "lt"}], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-10-21T04:00:00", "type": "redhat", "title": "(RHSA-2013:1447) Important: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:47:39", "id": "RHSA-2013:1447", "href": "https://access.redhat.com/errata/RHSA-2013:1447", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:31", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-openjdk-debuginfo", "packageFilename": "java-1.7.0-openjdk-debuginfo-1.7.0.45-2.4.3.2.el6_4.i686.rpm", "operator": "lt"}], "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime\nEnvironment and the OpenJDK 7 Java Software Development Kit.\n\nMultiple input checking flaws were found in the 2D component native image\nparsing code. A specially crafted image file could trigger a Java Virtual\nMachine memory corruption and, possibly, lead to arbitrary code execution\nwith the privileges of the user running the Java Virtual Machine.\n(CVE-2013-5782)\n\nThe class loader did not properly check the package access for non-public\nproxy classes. A remote attacker could possibly use this flaw to execute\narbitrary code with the privileges of the user running the Java Virtual\nMachine. (CVE-2013-5830)\n\nMultiple improper permission check issues were discovered in the 2D, CORBA,\nJNDI, and Libraries components in OpenJDK. An untrusted Java application or\napplet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,\nCVE-2013-5838)\n\nMultiple input checking flaws were discovered in the JPEG image reading and\nwriting code in the 2D component. An untrusted Java application or applet\ncould use these flaws to corrupt the Java Virtual Machine memory and bypass\nJava sandbox restrictions. (CVE-2013-5809)\n\nThe FEATURE_SECURE_PROCESSING setting was not properly honored by the\njavax.xml.transform package transformers. A remote attacker could use this\nflaw to supply a crafted XML that would be processed without the intended\nsecurity restrictions. (CVE-2013-5802)\n\nMultiple errors were discovered in the way the JAXP and Security components\nprocesses XML inputs. A remote attacker could create a crafted XML that\nwould cause a Java application to use an excessive amount of CPU and memory\nwhen processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)\n\nMultiple improper permission check issues were discovered in the Libraries,\nSwing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.\nAn untrusted Java application or applet could use these flaws to bypass\ncertain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,\nCVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,\nCVE-2013-5849, CVE-2013-5790, CVE-2013-5784)\n\nIt was discovered that the 2D component image library did not properly\ncheck bounds when performing image conversions. An untrusted Java\napplication or applet could use this flaw to disclose portions of the Java\nVirtual Machine memory. (CVE-2013-5778)\n\nMultiple input sanitization flaws were discovered in javadoc. When javadoc\ndocumentation was generated from an untrusted Java source code and hosted\non a domain not controlled by the code author, these issues could make it\neasier to perform cross-site scripting attacks. (CVE-2013-5804,\nCVE-2013-5797)\n\nVarious OpenJDK classes that represent cryptographic keys could leak\nprivate key information by including sensitive data in strings returned by\ntoString() methods. These flaws could possibly lead to an unexpected\nexposure of sensitive key data. (CVE-2013-5780)\n\nThe Java Heap Analysis Tool (jhat) failed to properly escape all data added\ninto the HTML pages it generated. Crafted content in the memory of a Java\nprogram analyzed using jhat could possibly be used to conduct cross-site\nscripting attacks. (CVE-2013-5772)\n\nThe Kerberos implementation in OpenJDK did not properly parse KDC\nresponses. A malformed packet could cause a Java application using JGSS to\nexit. (CVE-2013-5803)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-10-22T04:00:00", "type": "redhat", "title": "(RHSA-2013:1451) Critical: java-1.7.0-openjdk security update", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:06", "id": "RHSA-2013:1451", "href": "https://access.redhat.com/errata/RHSA-2013:1451", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:14", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.5.0.16.4-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.5.0-ibm", "packageFilename": "java-1.5.0-ibm-1.5.0.16.4-1jpp.1.el5_10.i386.rpm", "operator": "lt"}], "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814,\nCVE-2013-5817, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840,\nCVE-2013-5842, CVE-2013-5843, CVE-2013-5849)\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP4 release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2013-11-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:1509) Important: java-1.5.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5774", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5849"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:37", "id": "RHSA-2013:1509", "href": "https://access.redhat.com/errata/RHSA-2013:1509", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.0.45-1jpp.2.el6_4", "arch": "i686", "packageName": "java-1.7.0-oracle-devel", "packageFilename": "java-1.7.0-oracle-devel-1.7.0.45-1jpp.2.el6_4.i686.rpm", "operator": "lt"}], "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5775,\nCVE-2013-5776, CVE-2013-5777, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782,\nCVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802,\nCVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5810, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5844, CVE-2013-5846, CVE-2013-5848, CVE-2013-5849,\nCVE-2013-5850, CVE-2013-5851, CVE-2013-5852, CVE-2013-5854)\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 45 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "reporter": "RedHat", "published": "2013-10-17T04:00:00", "type": "redhat", "title": "(RHSA-2013:1440) Critical: java-1.7.0-oracle security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4002", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5775", "CVE-2013-5776", "CVE-2013-5777", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5810", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5844", "CVE-2013-5846", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851", "CVE-2013-5852", "CVE-2013-5854"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:29", "id": "RHSA-2013:1440", "href": "https://access.redhat.com/errata/RHSA-2013:1440", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:16", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.7.0.6.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.7.0-ibm", "packageFilename": "java-1.7.0-ibm-1.7.0.6.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}], "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788,\nCVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842,\nCVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR6 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-11-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:1507) Critical: java-1.7.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5456", "CVE-2013-5457", "CVE-2013-5458", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5788", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5800", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:36", "id": "RHSA-2013:1507", "href": "https://access.redhat.com/errata/RHSA-2013:1507", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:43:21", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5", "arch": "x86_64", "packageName": "java-1.6.0-ibm", "packageFilename": "java-1.6.0-ibm-1.6.0.15.0-1jpp.1.el5.x86_64.rpm", "operator": "lt"}], "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4, 5.5 and 5.6. In a typical operating environment, these are of low\nsecurity risk as the runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5457,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,\nCVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804,\nCVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818,\nCVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825,\nCVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840,\nCVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850,\nCVE-2013-5851)\n\nUsers of Red Hat Network Satellite Server 5.4, 5.5 and 5.6 are advised to\nupgrade to these updated packages, which contain the IBM Java SE 6 SR15\nrelease. For this update to take effect, Red Hat Network Satellite Server\nmust be restarted (\"/usr/sbin/rhn-satellite restart\"), as well as all\nrunning instances of IBM Java.\n", "reporter": "RedHat", "published": "2013-12-05T05:00:00", "type": "redhat", "title": "(RHSA-2013:1793) Low: Red Hat Network Satellite server IBM Java Runtime security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5457", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:02:28", "id": "RHSA-2013:1793", "href": "https://access.redhat.com/errata/RHSA-2013:1793", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:17", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "1.6.0.15.0-1jpp.1.el5_10", "arch": "i386", "packageName": "java-1.6.0-ibm-devel", "packageFilename": "java-1.6.0-ibm-devel-1.6.0.15.0-1jpp.1.el5_10.i386.rpm", "operator": "lt"}], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-3829, CVE-2013-4041,\nCVE-2013-5372, CVE-2013-5375, CVE-2013-5457, CVE-2013-5772, CVE-2013-5774,\nCVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,\nCVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5797, CVE-2013-5801,\nCVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812,\nCVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820,\nCVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830,\nCVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843,\nCVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851)\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR15 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2013-11-07T05:00:00", "type": "redhat", "title": "(RHSA-2013:1508) Critical: java-1.6.0-ibm security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-3829", "CVE-2013-4041", "CVE-2013-5372", "CVE-2013-5375", "CVE-2013-5457", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5851"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T09:04:27", "id": "RHSA-2013:1508", "href": "https://access.redhat.com/errata/RHSA-2013:1508", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1.25-1.Final_redhat_2.1.ep6.el6", "arch": "noarch", "packageName": "weld-core", "packageFilename": "weld-core-1.1.25-1.Final_redhat_2.1.ep6.el6.noarch.rpm", "operator": "lt"}], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA resource consumption issue was found in the way Xerces-J handled XML\ndeclarations. A remote attacker could use an XML document with a specially\ncrafted declaration using a long pseudo-attribute name that, when parsed by\nan application using Xerces-J, would cause that application to use an\nexcessive amount of CPU. (CVE-2013-4002)\n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. A list of these changes is available from the JBoss\nEnterprise Application Platform 6.3.2 Downloads page on the Customer\nPortal.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat\nEnterprise Linux 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2014-11-06T05:00:00", "type": "redhat", "title": "(RHSA-2014:1818) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T02:41:56", "id": "RHSA-2014:1818", "href": "https://access.redhat.com/errata/RHSA-2014:1818", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:25", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "7.4.2-3.Final_redhat_2.1.ep6.el5", "arch": "noarch", "packageName": "jboss-as-network", "packageFilename": "jboss-as-network-7.4.2-3.Final_redhat_2.1.ep6.el5.noarch.rpm", "operator": "lt"}], "description": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA resource consumption issue was found in the way Xerces-J handled XML\ndeclarations. A remote attacker could use an XML document with a specially\ncrafted declaration using a long pseudo-attribute name that, when parsed by\nan application using Xerces-J, would cause that application to use an\nexcessive amount of CPU. (CVE-2013-4002)\n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. A list of these changes is available from the JBoss\nEnterprise Application Platform 6.3.2 Downloads page on the Customer\nPortal.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.3 on Red Hat\nEnterprise Linux 5 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2014-11-06T05:00:00", "type": "redhat", "title": "(RHSA-2014:1821) Moderate: Red Hat JBoss Enterprise Application Platform 6.3.2 update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2016-04-12T04:00:39", "id": "RHSA-2014:1821", "href": "https://access.redhat.com/errata/RHSA-2014:1821", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:08", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.0.1.el5_10.i386.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "i686", "packageFilename": "java-1.6.0-openjdk-src-1.6.0.0-1.65.1.11.14.el6_4.i686.rpm", "packageName": "java-1.6.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "src", "packageFilename": "java-1.6.0-openjdk-1.6.0.0-1.42.1.11.14.0.1.el5_10.src.rpm", "packageName": "java-1.6.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-demo-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.6.0.0-1.42.1.11.14.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-javadoc-1.6.0.0-1.42.1.11.14.0.1.el5_10.x86_64.rpm", "packageName": "java-1.6.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.6.0.0-1.65.1.11.14.el6_4", "arch": "x86_64", "packageFilename": "java-1.6.0-openjdk-devel-1.6.0.0-1.65.1.11.14.el6_4.x86_64.rpm", "packageName": "java-1.6.0-openjdk-devel", "operator": "lt"}], "description": "[1:1.6.0.0-1.68.1.11.14]\n- updated to icedtea6-1.11.14.tar.gz\n- added and applied 1.11.14-fixes.patch, patch10 to fix build issues\n- adapted patch8 java-1.6.0-openjdk-timezone-id.patch\n- Resolves: rhbz#1017618\n[1:1.6.0.1-1.67.1.13.0]\n- reverted previous update\n- Resolves: rhbz#1017618\n[1:1.6.0.1-1.66.1.13.0]\n- updated to icedtea 1.13\n- updated to openjdk-6-src-b28-04_oct_2013\n- added --disable-lcms2 configure switch to fix tck\n- removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch\n- added patch7 1.13_fixes.patch to fix 1.13 build issues\n- adapted patch0 java-1.6.0-openjdk-optflags.patch\n- adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch\n- adapted patch8 java-1.6.0-openjdk-timezone-id.patch\n- removed useless runtests parts\n- included also java.security.old files\n- Resolves: rhbz#1017618", "edition": 3, "reporter": "Oracle", "published": "2013-11-05T00:00:00", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-05T00:00:00", "id": "ELSA-2013-1505", "href": "http://linux.oracle.com/errata/ELSA-2013-1505.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:45", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.1.0.1.el5_10.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.1.0.1.el5_10.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.7.0.45-2.4.3.1.0.1.el5_10", "arch": "i386", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.1.0.1.el5_10.i386.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}], "description": "[1.7.0.45-2.4.3.1.0.1.el5_10]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Enterprise Linux'\n[1.7.0.45-2.4.3.1.el5]\n- Updated to icedtea 2.4.3\n- Resolves: rhbz#1017623\n[1.7.0.45-2.4.3.0.el5]\n- fixed and updated tapset\n- removed bootstrap\n- source 11 redeclared to 1111\n- added source12: TestCryptoLevel.java\n- removed upstreamed patch103 java-1.7.0-openjdk-arm-fixes.patch\n- removed unnecessary patch112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch\n- added patch120: java-1.7.0-openjdk-freetype-check-fix.patch\n- fixed nss\n- cleaned sources\n- Resolves: rhbz#1017623\n[1.7.0.25-2.4.1.4.el5]\n- updated to icedtea 2.4.1\n- improoved handling of patch111 - nss-config-2.patch\n- backported uniquesuffix from 6.5\n- Resolves: rhbz#978421", "edition": 3, "reporter": "Oracle", "published": "2013-10-21T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-21T00:00:00", "id": "ELSA-2013-1447", "href": "http://linux.oracle.com/errata/ELSA-2013-1447.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:59", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-src-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-devel-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "x86_64", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.x86_64.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "i686", "packageFilename": "java-1.7.0-openjdk-demo-1.7.0.45-2.4.3.2.0.1.el6_4.i686.rpm", "packageName": "java-1.7.0-openjdk-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.0.1.el6_4.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "noarch", "packageFilename": "java-1.7.0-openjdk-javadoc-1.7.0.45-2.4.3.2.0.1.el6_4.noarch.rpm", "packageName": "java-1.7.0-openjdk-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.7.0.45-2.4.3.2.0.1.el6_4", "arch": "src", "packageFilename": "java-1.7.0-openjdk-1.7.0.45-2.4.3.2.0.1.el6_4.src.rpm", "packageName": "java-1.7.0-openjdk", "operator": "lt"}], "description": "[1.7.0.45-2.4.3.2.0.1.el6]\n- Update DISTRO_NAME in specfile\n[1.7.0.40-2.4.3.1.el6]\n- sync with rhel 6.5 to icedtea 2.4 because of pernament tck failures\n - nss kept disabled\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.4.el6]\n- added back patch408 tck20131015_5.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.3.el6]\n- added back patch404 tck20131015_1.patch, to resolve one of tck failures\n- added back patch405 tck20131015_2.patch, to resolve one of tck failures\n- added back patch406 tck20131015_3.patch, to resolve one of tck failures (modified)\n- added back patch407 tck20131015_4.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.2.el6]\n- updated to newer security tarball of 2.3.13\n- removed patch405 tck20131015_2.patch, no longer necessary to fix tck failures\n- removed patch406 tck20131015_3.patch, no longer necessary to fix tck failures\n- removed patch407 tck20131015_4.patch, no longer necessary to fix tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.1.el6]\n- removed useless patch404 tck20131015_1.patch\n- added patch405 tck20131015_2.patch, to resolve one of tck failures\n- added patch406 tck20131015_3.patch, to resolve one of tck failures\n- added patch407 tck20131015_4.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626\n[1.7.0.25-2.3.13.0.el6]\n- security update to 2.3.13\n- adapted java-1.7.0-openjdk-disable-system-lcms.patch (and redeclared to 105)\n- removed bootstrap\n- fixed nss\n- fixed buildver and updatever (Set to 25,30)\n- moved to xz compression of sources\n- all patches moved correctly to prep\n- added patch404 tck20131015_1.patch, to resolve one of tck failures\n- Resolves: rhbz#1017626", "edition": 3, "reporter": "Oracle", "published": "2013-10-22T00:00:00", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-10-22T00:00:00", "id": "ELSA-2013-1451", "href": "http://linux.oracle.com/errata/ELSA-2013-1451.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:47", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageFilename": "xerces-j2-2.11.0-17.el7_0.noarch.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-xni", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageFilename": "xerces-j2-javadoc-2.11.0-17.el7_0.noarch.rpm", "packageName": "xerces-j2-javadoc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-other", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-impl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "src", "packageFilename": "xerces-j2-2.11.0-17.el7_0.src.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-other", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-impl", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-scripts", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.11.0-17.el7_0", "arch": "noarch", "packageFilename": "xerces-j2-demo-2.11.0-17.el7_0.noarch.rpm", "packageName": "xerces-j2-demo", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-xni", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-javadoc-apis", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "x86_64", "packageFilename": "xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm", "packageName": "xerces-j2-javadoc-apis", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "src", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.src.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "src", "packageFilename": "xerces-j2-2.7.1-12.7.el6_5.src.rpm", "packageName": "xerces-j2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.1-12.7.el6_5", "arch": "i686", "packageFilename": "xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm", "packageName": "xerces-j2-scripts", "operator": "lt"}], "description": "[2.11.0-17]\n- Fix XML parsing bug (JAXP, 8017298)\n- Resolves: CVE-2013-4002", "edition": 3, "reporter": "Oracle", "published": "2014-09-29T00:00:00", "title": "xerces-j2 security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-4002"], "modified": "2014-09-29T00:00:00", "id": "ELSA-2014-1319", "href": "http://linux.oracle.com/errata/ELSA-2014-1319.html", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:02", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 419633 and 565169 (BIG-IP), ID 562118 (Enterprise Manager and BIG-IQ), ID 552323 (ARX), and INSTALLER-1887 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n10.1.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP AAM| 11.6.0 \n11.4.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.4.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP AFM| 11.6.0 \n11.3.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.3.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP Analytics| 11.6.0 \n11.0.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP APM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP ASM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP DNS| None| 12.0.0 - 12.1.0| None| None \nNone| 12.0.0 - 12.1.0| None| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Configuration utility \nBIG-IP GTM| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP Link Controller| 11.6.0 \n11.0.0 - 11.5.4 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP PEM| 11.6.0 \n11.3.0 - 11.5.4| 12.0.0 - 12.1.0 \n11.6.1 \n11.5.4 HF2| High| Java, iControl REST \n11.3.0 - 11.4.1| 12.0.0 - 12.1.0 \n11.5.0 - 11.6.1| High| Configuration utility \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| High| Configuration utility \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Configuration utility \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Java, iControl REST \n11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| High| Configuration utility \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| 3.0.0 - 3.1.1| None| High| Java \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| High| Java \nBIG-IQ Centralized Management| None| None| Not Vulnerable| None \nBIG-IQ Cloud and Orchestration| None| None| Not Vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.0.5| 5.0.0 \n4.4.0| Low| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, Enterprise Manager, and BIG-IQ\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nTo mitigate this vulnerability, you can limit access to the management port, Configuration utility, and iControl REST functionality to authorized users only.\n\nTraffix SDC\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nAn updated JDK 1.6.60 is available from F5 via a Traffix SDC security bulletin. For more information, contact your Traffix SDC technical support representative.\n\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n", "reporter": "f5", "published": "2016-06-09T20:20:00", "title": "Java vulnerabilities CVE-2013-5825 and CVE-2013-5830 ", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-5830", "CVE-2013-5825"], "modified": "2017-03-14T00:49:00", "id": "F5:K48802597", "href": "https://support.f5.com/csp/article/K48802597", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:13", "references": ["https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13123.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nBIG-IP, Enterprise Manager, and BIG-IQ\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nTo mitigate this vulnerability, you can limit access to the management port, Configuration utility, and iControl REST functionality to authorized users only.\n\nTraffix SDC\n\n**Impact of action:** Performing the following mitigation should not have a negative impact on your system.\n\nAn updated JDK 1.6.60 is available from F5 via a Traffix SDC security bulletin. For more information, contact your Traffix SDC technical support representative.\n\nSupplemental Information\n\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n", "reporter": "f5", "published": "2016-06-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL48802597 - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830", "bulletinFamily": "software", "affectedSoftware": [{"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.4.0 HF2", "operator": "le"}, {"name": "11.4.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "12.1.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "12.1.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1\t\t\t10.1.0 - 10.2.4", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.5.4", "operator": "le"}, {"name": "11.0.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.5.4", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IP APM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PEM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "11.3.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP Analytics", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP PSM", "version": "11.4.1", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IP LTM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP AAM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP ASM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP WebAccelerator", "version": "10.2.4", "operator": "le"}, {"name": "10.1.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "Traffix SDC", "version": "4.0.5", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP AFM", "version": "11.6.0", "operator": "le"}, {"name": "11.0.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0 HF2", "operator": "le"}, {"name": "BIG-IP Edge Gateway", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP APM", "version": "11.6.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "10.2.4", "operator": "le"}, {"name": "BIG-IP GTM", "version": "10.2.4", "operator": "le"}, {"name": "None", "version": "12.1.0", "operator": "le"}, {"name": "BIG-IP WOM", "version": "11.3.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "BIG-IP GTM", "version": "11.5.4", "operator": "le"}, {"name": "11.4.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "BIG-IP Link Controller", "version": "11.5.4", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0 HF2", "operator": "le"}, {"name": "10.1.0 - 11.4.1", "version": "12.1.0", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "11.6.1", "operator": "le"}, {"name": "11.3.0 - 11.4.1", "version": "11.6.1", "operator": "le"}], "cvelist": ["CVE-2013-5830", "CVE-2013-5825"], "modified": "2016-08-01T00:00:00", "id": "SOL48802597", "href": "http://support.f5.com/kb/en-us/solutions/public/k/48/sol48802597.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:10", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) and INSTALLER-1887 (Traffix SDC) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| 4.4.0| Medium| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-05-26T00:02:00", "type": "f5", "title": "Java vulnerability CVE-2013-5780", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5780"], "modified": "2017-04-06T16:51:00", "href": "https://support.f5.com/csp/article/K68942513", "id": "F5:K68942513", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-21T02:16:58", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) and INSTALLER-1887 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H61275340 on the **Diagnostics** &gt; **Identified** &gt; **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| 5.0.0 \n4.4.0| Low| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-06-20T22:12:00", "title": "Java vulnerability CVE-2013-5823", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5823"], "modified": "2017-04-06T16:50:00", "href": "https://support.f5.com/csp/article/K61275340", "id": "F5:K61275340", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:18", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 562118 (Enterprise Manager), ID 552323 (ARX) and INSTALLER-1887 (Traffix) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Java \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0 HF2| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.1.0 \n3.3.2 - 3.5.1| 5.0.0 \n4.4.0| Low| Java\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-05-24T19:32:00", "title": "Java vulnerability CVE-2013-5802", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-5802"], "modified": "2017-04-06T16:51:00", "id": "F5:K53316849", "href": "https://support.f5.com/csp/article/K53316849", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:38", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 562118 (Enterprise Manager) and ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| Java \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-05-24T01:25:00", "title": "Java vulnerability CVE-2013-5782", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5782"], "modified": "2017-03-14T00:49:00", "href": "https://support.f5.com/csp/article/K14340611", "id": "F5:K14340611", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-06-08T00:16:34", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H78530002 on the **Diagnostics** &gt; **Identified** &gt; **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Device| 4.2.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ Security| 4.0.0 - 4.4.0| 4.5.0| High| Java \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n", "reporter": "f5", "published": "2016-06-20T22:14:00", "title": "Java vulnerability CVE-2013-5803", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2013-5803"], "modified": "2017-04-06T16:50:00", "id": "F5:K78530002", "href": "https://support.f5.com/csp/article/K78530002", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T00:16:29", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 552323 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.0 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| \nNone| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.0 \n11.3.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| 6.0.0 - 6.4.0| None| Low| Management GUI Java \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 MobileSafe| None| 1.0.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 5.0.0 \n4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2016-05-25T01:58:00", "title": "Multiple Java vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2013-5848", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5842", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5789", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2017-03-14T00:49:00", "href": "https://support.f5.com/csp/article/K95313044", "id": "F5:K95313044", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T18:44:08", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "edition": 1, "reporter": "f5", "published": "2016-05-25T00:00:00", "title": "SOL68942513 - Java vulnerability CVE-2013-5780", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IQ Cloud", "version": "4.4.0 HF2", "operator": "le"}, {"name": "BIG-IQ Device", "version": "4.4.0 HF2", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0 HF2", "operator": "le"}, {"name": "Traffix SDC", "version": "4.1.0 3.3.2", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}], "cvelist": ["CVE-2013-5780"], "modified": "2016-06-23T00:00:00", "id": "SOL68942513", "href": "http://support.f5.com/kb/en-us/solutions/public/k/68/sol68942513.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-26T17:22:55", "references": ["https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15106.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15113.html", "https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12766.html", "https://support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL12766: ARX hotfix matrix\n", "edition": 1, "reporter": "f5", "published": "2016-05-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "f5", "title": "SOL53316849 - Java vulnerability CVE-2013-5802", "bulletinFamily": "software", "affectedSoftware": [{"name": "BIG-IQ Device", "version": "4.4.0 HF2", "operator": "le"}, {"name": "Enterprise Manager", "version": "3.1.1", "operator": "le"}, {"name": "BIG-IQ Security", "version": "4.4.0 HF2", "operator": "le"}, {"name": "Traffix SDC", "version": "4.1.0", "operator": "le"}, {"name": "ARX", "version": "6.4.0", "operator": "le"}, {"name": "Traffix SDC", "version": "3.5.1", "operator": "le"}, {"name": "BIG-IQ Cloud", "version": "4.4.0 HF2", "operator": "le"}], "cvelist": ["CVE-2013-5802"], "modified": "2016-06-20T00:00:00", "id": "SOL53316849", "href": "http://support.f5.com/kb/en-us/solutions/public/k/53/sol53316849.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:39:29", "references": ["https://bugzilla.novell.com/846999", "http://download.novell.com/patch/finder/?keywords=41b2667e06be42c5dcb1c022821e91ef"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-0.21.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-0.21.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-1.7.0.6-0.21.1.i586.rpm", "packageName": "java-1_7_0-openjdk", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-0.21.1.i586.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "x86_64", "packageFilename": "java-1_7_0-openjdk-devel-1.7.0.6-0.21.1.x86_64.rpm", "packageName": "java-1_7_0-openjdk-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "1.7.0.6-0.21.1", "arch": "i586", "packageFilename": "java-1_7_0-openjdk-demo-1.7.0.6-0.21.1.i586.rpm", "packageName": "java-1_7_0-openjdk-demo", "operator": "lt"}], "description": "This release updates our OpenJDK 7 support in the 2.4.x\n series with a number of security fixes and synchronises it\n with upstream development. The security issues fixed (a\n long list) can be found in the following link:\n\n <a rel=\"nofollow\" href=\"http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O\">http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O</a>\n ctober/025087.html\n &lt;<a rel=\"nofollow\" href=\"http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-\">http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-</a>\n October/025087.html&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-13T15:04:17", "title": "Security update for OpenJDK 7 (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5825", "CVE-2013-5823", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-13T15:04:17", "id": "SUSE-SU-2013:1666-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:18", "references": ["http://download.novell.com/patch/finder/?keywords=72ed1fe5b55bbe85bd66cb799815e617", "http://download.novell.com/patch/finder/?keywords=5081cdae28bd8b3832e528c33135eb2a", "https://bugzilla.novell.com/849212"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-alsa-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-alsa-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-jdbc-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-plugin-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-devel-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-devel-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-32bit-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "i586", "packageFilename": "java-1_5_0-ibm-1.5.0_sr16.4-0.5.1.i586.rpm", "packageName": "java-1_5_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "x86_64", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.x86_64.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.5.0_sr16.4-0.5.1", "arch": "s390x", "packageFilename": "java-1_5_0-ibm-fonts-1.5.0_sr16.4-0.5.1.s390x.rpm", "packageName": "java-1_5_0-ibm-fonts", "operator": "lt"}], "description": "IBM Java 5 SR16-FP4 has been released which fixes lots of\n bugs and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n\n The following CVEs are fixed:\n CVE-2013-4041,CVE-2013-5375,CVE-2013-5372,CVE-2013-5843,CVE-\n 2013-5830,CVE-2013-5829,CVE-2013-5842,CVE-2013-5782,CVE-2013\n -5817,CVE-2013-5809,CVE-2013-5814,CVE-2013-5802,CVE-2013-580\n 4,CVE-2013-5783,CVE-2013-3829,CVE-2013-4002,CVE-2013-5774,CV\n E-2013-5825,CVE-2013-5840,CVE-2013-5801,CVE-2013-5778,CVE-20\n 13-5849,CVE-2013-5790,CVE-2013-5780,CVE-2013-5797,CVE-2013-5\n 803\n\n\n", "edition": 1, "reporter": "Suse", "published": "2013-11-14T16:04:15", "title": "Security update for IBM Java 5 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5782", "CVE-2013-4002", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5842", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5372", "CVE-2013-5843", "CVE-2013-5780", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5790", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797"], "modified": "2013-11-14T16:04:15", "id": "SUSE-SU-2013:1669-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00012.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:21", "references": ["http://download.novell.com/patch/finder/?keywords=92a6b678be36dd2d8ecf92f74430bc5b", "http://download.novell.com/patch/finder/?keywords=17a9db88ef351844a3d8a3520e5c917e", "http://download.novell.com/patch/finder/?keywords=63037b81cb4f45a6e8f55663f0b31d59", "http://download.novell.com/patch/finder/?keywords=bfac4cdb47e4e4279150421690839df9", "http://download.novell.com/patch/finder/?keywords=59cacab82a07026e7b534dd6b64bd1d7", "https://bugzilla.novell.com/849212"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-alsa-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-alsa", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-devel-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.9.9.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.14.1.i586.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "ppc64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.ppc64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-32bit-1.6.0_sr15.0-0.14.1.s390x.rpm", "packageName": "java-1_6_0-ibm-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.9.9.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-alsa-32bit-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-alsa-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-devel-32bit-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-devel-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "s390x", "packageFilename": "java-1_6_0-ibm-1.6.0_sr15.0-0.5.1.s390x.rpm", "packageName": "java-1_6_0-ibm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "1.6.0_sr15.0-0.14.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.14.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "i586", "packageFilename": "java-1_6_0-ibm-plugin-1.6.0_sr15.0-0.5.1.i586.rpm", "packageName": "java-1_6_0-ibm-plugin", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-jdbc-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-jdbc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "1.6.0_sr15.0-0.5.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-fonts-1.6.0_sr15.0-0.5.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-fonts", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "1.6.0_sr15.0-0.9.9.1", "arch": "x86_64", "packageFilename": "java-1_6_0-ibm-plugin-32bit-1.6.0_sr15.0-0.9.9.1.x86_64.rpm", "packageName": "java-1_6_0-ibm-plugin-32bit", "operator": "lt"}], "description": "IBM Java 6 SR15 has been released which fixes lots of bugs\n and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-19T00:04:12", "title": "Security update for Java 6 (important)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-19T00:04:12", "id": "SUSE-SU-2013:1677-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00018.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:38:36", "references": ["http://download.novell.com/patch/finder/?keywords=f509561ef73c266408b23c081a5bfd6f", "https://bugzilla.novell.com/849212", "http://download.novell.com/patch/finder/?keywords=ef51c242d9ef6e9ca30f6407189dda8b"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-plugin", "packageFilename": "java-1_7_0-ibm-plugin-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm", "packageFilename": "java-1_7_0-ibm-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-devel", "packageFilename": "java-1_7_0-ibm-devel-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-alsa", "packageFilename": "java-1_7_0-ibm-alsa-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Java", "OSVersion": "11.2", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "1.7.0_sr6.0-0.7.1", "packageName": "java-1_7_0-ibm-jdbc", "packageFilename": "java-1_7_0-ibm-jdbc-1.7.0_sr6.0-0.7.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "IBM Java 7 SR6 has been released and fixes lots of bugs and\n security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-22T08:04:19", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for IBM Java 7 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-22T08:04:19", "id": "SUSE-SU-2013:1677-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:36", "references": ["http://download.novell.com/patch/finder/?keywords=ee3af08cb4368a9b3504c613b99084af", "https://bugzilla.novell.com/849212"], "affectedPackage": [{"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-JRE", "packageFilename": "IBMJava5-JRE-1.5.0_sr16.4-0.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE CORE", "OSVersion": "9", "packageVersion": "1.5.0_sr16.4-0.4", "packageName": "IBMJava5-SDK", "packageFilename": "IBMJava5-SDK-1.5.0_sr16.4-0.4.s390.rpm", "arch": "s390", "operator": "lt"}], "description": "IBM Java 5 SR16-FP4 has been released which fixes lots of\n bugs and security issues.\n\n More information can be found on:\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n &lt;<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>&gt;\n", "edition": 1, "reporter": "Suse", "published": "2013-11-15T00:04:35", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "suse", "title": "Security update for IBM Java 5 (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2013-11-15T00:04:35", "id": "SUSE-SU-2013:1677-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-01-14T08:07:18", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n10/16/2013\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Oracle products. By exploiting these vulnerabilities malicious users can affect integrity, confidentiality and availability. These vulnerabilities can be exploited remotely via an unknwn vectors related to CORBA, JNDI, BEANS, AWT, JAX-WS, Security, JGSS, Javadoc, SCRIPTING, JavaFX, Swing, Libraries, jhat, Deployment, 2D, JAXP and other unknown vectors.\n\n### *Affected products*:\nOracle Java SE 7 versions 7.40 and earlier \nOracle Java SE 6 versions 6.60 and earlier \nOracle Java SE 5 versions 5.51 and earlier \nOracle JRockit R28 versions 28.2.8 and earlier \nOracle JRockit R27 versions 27.7.6 and earlier\n\n### *Solution*:\nUpdate to latest version! \n[Java SE download page](<http://www.oracle.com/technetwork/java/javase/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Sun Java JRE](<https://threats.kaspersky.com/en/product/Sun-Java-JRE/>)\n\n### *CVE-IDS*:\n[CVE-2013-5787](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787>) \n[CVE-2013-5783](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783>) \n[CVE-2013-5800](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800>) \n[CVE-2013-5810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5810>) \n[CVE-2013-5803](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803>) \n[CVE-2013-5838](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838>) \n[CVE-2013-5852](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5852>) \n[CVE-2013-5790](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790>) \n[CVE-2013-3829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829>) \n[CVE-2013-5854](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5854>) \n[CVE-2013-5848](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848>) \n[CVE-2013-5806](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5806>) \n[CVE-2013-5829](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829>) \n[CVE-2013-5849](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849>) \n[CVE-2013-5797](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797>) \n[CVE-2013-4002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002>) \n[CVE-2013-5844](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5844>) \n[CVE-2013-5784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784>) \n[CVE-2013-5846](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5846>) \n[CVE-2013-5805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5805>) \n[CVE-2013-5804](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804>) \n[CVE-2013-5775](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5775>) \n[CVE-2013-5825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825>) \n[CVE-2013-5843](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843>) \n[CVE-2013-5812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812>) \n[CVE-2013-5842](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842>) \n[CVE-2013-5778](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778>) \n[CVE-2013-5823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823>) \n[CVE-2013-5772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772>) \n[CVE-2013-5774](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774>) \n[CVE-2013-5840](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840>) \n[CVE-2013-5789](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789>) \n[CVE-2013-5782](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782>) \n[CVE-2013-5780](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780>) \n[CVE-2013-5809](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809>) \n[CVE-2013-5824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824>) \n[CVE-2013-5777](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5777>) \n[CVE-2013-5819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819>) \n[CVE-2013-5818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818>) \n[CVE-2013-5814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814>) \n[CVE-2013-5817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817>) \n[CVE-2013-5801](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801>) \n[CVE-2013-5776](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776>) \n[CVE-2013-5832](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832>) \n[CVE-2013-5831](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831>) \n[CVE-2013-5830](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830>) \n[CVE-2013-5788](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788>) \n[CVE-2013-5820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820>) \n[CVE-2013-5802](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802>) \n[CVE-2013-5851](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851>) \n[CVE-2013-5850](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850>)", "edition": 31, "reporter": "Kaspersky Lab", "published": "2013-10-16T00:00:00", "title": "\r KLA10492Multiple vulnerabilities in Oracle products ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "info", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5846", "CVE-2013-5818", "CVE-2013-4002", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5852", "CVE-2013-5854", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5814", "CVE-2013-5775", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5844", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2019-01-04T00:00:00", "id": "KLA10492", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10492", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-01-05T12:21:26", "references": ["http://rhn.redhat.com/errata/RHSA-2013-1509.html", "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/88003", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://www.securityfocus.com/bid/63106", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1018750", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 4, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.", "reporter": "NVD", "published": "2013-10-16T13:55:06", "title": "CVE-2013-5849", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:18971", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18971"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5849"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_41", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:oracle:jdk:1.5.0:update_45", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_45", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jre:1.5.0:update_51", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:oracle:jdk:1.5.0:update_51", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jdk:1.5.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:43", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5849", "id": "CVE-2013-5849", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-05T12:21:26", "references": ["https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www.securityfocus.com/bid/63153", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 4, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.", "reporter": "NVD", "published": "2013-10-16T13:55:06", "title": "CVE-2013-5850", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19150", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19150"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5850"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_41", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:oracle:jdk:1.5.0:update_45", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_45", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jre:1.5.0:update_51", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:oracle:jdk:1.5.0:update_51", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jdk:1.5.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:43", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5850", "id": "CVE-2013-5850", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-19T13:38:55", "references": ["http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "https://exchange.xforce.ibmcloud.com/vulnerabilities/87997", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://www.securityfocus.com/bid/63142", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.", "reporter": "NVD", "published": "2013-10-16T14:55:03", "title": "CVE-2013-5851", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19061", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19061"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5851"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:oracle:jre:1.7.0:update9"], "modified": "2017-09-18T21:36:54", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5851", "id": "CVE-2013-5851", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:54", "references": ["http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 2, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.", "reporter": "NVD", "published": "2013-10-16T13:55:05", "title": "CVE-2013-5800", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19093", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19093"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5800"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:oracle:jre:1.7.0:update9"], "modified": "2017-09-18T21:36:51", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5800", "id": "CVE-2013-5800", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-05T12:21:25", "references": ["http://rhn.redhat.com/errata/RHSA-2013-1509.html", "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1018785", "https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://www.securityfocus.com/bid/63115", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 4, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.", "reporter": "NVD", "published": "2013-10-16T11:55:34", "title": "CVE-2013-5780", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19101", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19101"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5780"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:oracle:jrockit:r27.7.1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_41", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jrockit:r28.0.0", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:oracle:jdk:1.5.0:update_45", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_45", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:oracle:jrockit:r28.1.0", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jrockit:r28.1.1", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:oracle:jrockit:r28.2.8", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jre:1.5.0:update_51", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:oracle:jrockit:r28.1.5", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:oracle:jrockit:r27.7.3", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jrockit:r28.1.4", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jrockit:r28.2.2", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:oracle:jrockit:r28.2.5", "cpe:/a:oracle:jrockit:r27.7.4", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jrockit:r28.2.6", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:oracle:jrockit:r27.7.2", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:oracle:jrockit:r28.0.2", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:oracle:jrockit:r27.7.5", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jrockit:r28.2.3", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:oracle:jdk:1.5.0:update_51", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jrockit:r28.1.3", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:oracle:jrockit:r27.7.6", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jdk:1.5.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:oracle:jrockit:r28.0.1", "cpe:/a:oracle:jrockit:r28.2.4", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:39", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5780", "id": "CVE-2013-5780", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-05T12:21:26", "references": ["http://marc.info/?l=bugtraq&m=138674031212883&w=2", "https://access.redhat.com/errata/RHSA-2014:0414", "http://www.securityfocus.com/bid/63133", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.", "reporter": "NVD", "published": "2013-10-16T13:55:05", "title": "CVE-2013-5820", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19206", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19206"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5820"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:42", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5820", "id": "CVE-2013-5820", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-05T12:21:25", "references": ["http://rhn.redhat.com/errata/RHSA-2013-1509.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1018984", "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.securityfocus.com/bid/63134", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.", "reporter": "NVD", "published": "2013-10-16T11:55:34", "title": "CVE-2013-5778", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19020", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19020"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5778"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_41", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:oracle:jdk:1.5.0:update_45", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_45", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jre:1.5.0:update_51", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:oracle:jdk:1.5.0:update_51", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jdk:1.5.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:39", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5778", "id": "CVE-2013-5778", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-19T13:38:55", "references": ["http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://www.securityfocus.com/bid/63131", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 2, "description": "Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.", "reporter": "NVD", "published": "2013-10-16T13:55:05", "title": "CVE-2013-5838", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19141", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19141"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5838"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:oracle:jre:1.7.0:update9"], "modified": "2017-09-18T21:36:53", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5838", "id": "CVE-2013-5838", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-05T12:21:26", "references": ["http://rhn.redhat.com/errata/RHSA-2013-1509.html", "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www.securityfocus.com/bid/63101", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 3, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.", "reporter": "NVD", "published": "2013-10-16T13:55:05", "title": "CVE-2013-5825", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19046", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19046"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5825"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:oracle:jrockit:r27.7.1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:oracle:jdk:1.7.0:update10", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jdk:1.7.0:update15", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_41", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jdk:1.7.0:update9", "cpe:/a:oracle:jdk:1.7.0:update3", "cpe:/a:oracle:jrockit:r28.0.0", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:oracle:jdk:1.5.0:update_45", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:oracle:jdk:1.7.0:update1", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_45", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:oracle:jrockit:r28.1.0", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jrockit:r28.1.1", "cpe:/a:oracle:jdk:1.7.0:update7", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:oracle:jrockit:r28.2.8", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jre:1.5.0:update_51", "cpe:/a:oracle:jdk:1.7.0:update5", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:oracle:jrockit:r28.1.5", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:oracle:jrockit:r27.7.3", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jrockit:r28.1.4", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jrockit:r28.2.2", "cpe:/a:oracle:jdk:1.7.0:update17", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.7.0", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:oracle:jrockit:r28.2.5", "cpe:/a:oracle:jrockit:r27.7.4", "cpe:/a:oracle:jdk:1.7.0:update25", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jrockit:r28.2.6", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:oracle:jrockit:r27.7.2", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jdk:1.7.0:update13", "cpe:/a:oracle:jrockit:r28.0.2", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:oracle:jrockit:r27.7.5", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jrockit:r28.2.3", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:oracle:jdk:1.5.0:update_51", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:oracle:jdk:1.7.0:update11", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jdk:1.7.0:update6", "cpe:/a:oracle:jrockit:r28.1.3", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:oracle:jdk:1.7.0:update21", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:oracle:jdk:1.7.0:update4", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:oracle:jdk:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:oracle:jrockit:r27.7.6", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jdk:1.5.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:oracle:jrockit:r28.0.1", "cpe:/a:oracle:jrockit:r28.2.4", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jdk:1.7.0:update2", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:42", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5825", "id": "CVE-2013-5825", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-05T12:21:26", "references": ["http://rhn.redhat.com/errata/RHSA-2013-1509.html", "http://www.securityfocus.com/bid/63149", "http://marc.info/?l=bugtraq&m=138674031212883&w=2", "https://access.redhat.com/errata/RHSA-2014:0414", "http://rhn.redhat.com/errata/RHSA-2013-1508.html", "http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html", "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "http://rhn.redhat.com/errata/RHSA-2013-1793.html", "http://rhn.redhat.com/errata/RHSA-2013-1505.html", "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "http://www.ubuntu.com/usn/USN-2033-1", "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", "http://support.apple.com/kb/HT5982", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html", "http://rhn.redhat.com/errata/RHSA-2013-1451.html", "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1019131", "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html", "http://rhn.redhat.com/errata/RHSA-2013-1507.html", "http://security.gentoo.org/glsa/glsa-201406-32.xml", "http://www.ubuntu.com/usn/USN-2089-1", "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html", "http://rhn.redhat.com/errata/RHSA-2013-1447.html"], "edition": 4, "description": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.", "reporter": "NVD", "published": "2013-10-16T13:55:05", "title": "CVE-2013-5804", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:19188", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19188"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5804"], "scanner": [], "cpe": ["cpe:/a:oracle:jre:1.7.0:update3", "cpe:/a:sun:jdk:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_20", "cpe:/a:oracle:jre:1.6.0:update_45", "cpe:/a:sun:jdk:1.6.0:update1_b06", "cpe:/a:oracle:jdk:1.6.0:update_43", "cpe:/a:oracle:jdk:1.6.0:update_23", "cpe:/a:sun:jdk:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update33", "cpe:/a:oracle:jre:1.7.0:update1", "cpe:/a:oracle:jrockit:r27.7.1", "cpe:/a:sun:jdk:1.5.0:update26", "cpe:/a:sun:jdk:1.6.0:update_17", "cpe:/a:sun:jdk:1.5.0:update3", "cpe:/a:sun:jre:1.6.0:update_2", "cpe:/a:sun:jre:1.6.0:update_7", "cpe:/a:sun:jdk:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_35", "cpe:/a:oracle:jdk:1.6.0:update_24", "cpe:/a:oracle:jre:1.6.0:update_35", "cpe:/a:sun:jdk:1.6.0", "cpe:/a:oracle:jre:1.6.0:update_34", "cpe:/a:sun:jdk:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_41", "cpe:/a:sun:jre:1.6.0:update_17", "cpe:/a:sun:jre:1.5.0:update3", "cpe:/a:oracle:jrockit:r28.0.0", "cpe:/a:sun:jdk:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update13", "cpe:/a:oracle:jdk:1.5.0:update_45", "cpe:/a:oracle:jre:1.6.0:update_43", "cpe:/a:oracle:jre:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update16", "cpe:/a:sun:jre:1.5.0:update26", "cpe:/a:oracle:jre:1.7.0:update4", "cpe:/a:sun:jdk:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0:update10", "cpe:/a:sun:jre:1.6.0:update_13", "cpe:/a:sun:jdk:1.6.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_32", "cpe:/a:oracle:jre:1.7.0:update6", "cpe:/a:sun:jre:1.5.0:update18", "cpe:/a:sun:jre:1.6.0:update_3", "cpe:/a:sun:jre:1.6.0:update_1", "cpe:/a:sun:jre:1.5.0:update19", "cpe:/a:sun:jre:1.5.0:update27", "cpe:/a:oracle:jdk:1.6.0:update_34", "cpe:/a:sun:jdk:1.6.0:update_15", "cpe:/a:sun:jdk:1.5.0:update25", "cpe:/a:sun:jre:1.6.0", "cpe:/a:sun:jdk:1.6.0:update_20", "cpe:/a:sun:jdk:1.5.0:update24", "cpe:/a:sun:jdk:1.6.0:update_5", "cpe:/a:sun:jre:1.5.0:update14", "cpe:/a:oracle:jre:1.6.0:update_32", "cpe:/a:sun:jre:1.6.0:update_4", "cpe:/a:oracle:jre:1.5.0:update_45", "cpe:/a:oracle:jre:1.5.0:update_38", "cpe:/a:oracle:jre:1.6.0:update_31", "cpe:/a:oracle:jre:1.7.0:update7", "cpe:/a:sun:jre:1.6.0:update_11", "cpe:/a:oracle:jre:1.5.0:update_36", "cpe:/a:sun:jre:1.5.0:update29", "cpe:/a:sun:jdk:1.5.0:update23", "cpe:/a:oracle:jrockit:r28.1.0", "cpe:/a:sun:jre:1.5.0:update6", "cpe:/a:oracle:jre:1.7.0:update11", "cpe:/a:sun:jre:1.6.0:update_10", "cpe:/a:oracle:jre:1.6.0:update_29", "cpe:/a:sun:jdk:1.6.0:update_16", "cpe:/a:sun:jdk:1.6.0:update_18", "cpe:/a:oracle:jdk:1.6.0:update_31", "cpe:/a:sun:jre:1.5.0:update4", "cpe:/a:oracle:jrockit:r28.1.1", "cpe:/a:sun:jdk:1.6.0:update_4", "cpe:/a:oracle:jrockit:r28.2.8", "cpe:/a:sun:jdk:1.6.0:update_11", "cpe:/a:oracle:jre:1.7.0:update17", "cpe:/a:sun:jre:1.5.0:update17", "cpe:/a:oracle:jre:1.5.0:update_51", "cpe:/a:sun:jre:1.5.0:update8", "cpe:/a:oracle:jre:1.5.0:update_40", "cpe:/a:sun:jre:1.5.0:update28", "cpe:/a:oracle:jrockit:r28.1.5", "cpe:/a:sun:jdk:1.5.0:update11", "cpe:/a:oracle:jre:1.6.0:update_39", "cpe:/a:oracle:jre:1.6.0:update_26", "cpe:/a:sun:jdk:1.5.0:update6", "cpe:/a:sun:jdk:1.6.0:update_21", "cpe:/a:oracle:jrockit:r27.7.3", "cpe:/a:sun:jdk:1.5.0:update13", "cpe:/a:oracle:jrockit:r28.1.4", "cpe:/a:oracle:jdk:1.6.0:update_33", "cpe:/a:oracle:jre:1.7.0:update13", "cpe:/a:oracle:jrockit:r28.2.2", "cpe:/a:sun:jdk:1.5.0:update17", "cpe:/a:oracle:jdk:1.5.0:update_40", "cpe:/a:sun:jdk:1.5.0:update10", "cpe:/a:oracle:jdk:1.6.0:update_39", "cpe:/a:oracle:jre:1.7.0:update5", "cpe:/a:sun:jdk:1.5.0", "cpe:/a:oracle:jrockit:r28.2.5", "cpe:/a:oracle:jrockit:r27.7.4", "cpe:/a:sun:jre:1.5.0", "cpe:/a:sun:jdk:1.6.0:update_13", "cpe:/a:sun:jre:1.5.0:update1", "cpe:/a:oracle:jdk:1.6.0:update_29", "cpe:/a:sun:jdk:1.5.0:update21", "cpe:/a:sun:jre:1.5.0:update33", "cpe:/a:sun:jdk:1.5.0:update11_b03", "cpe:/a:oracle:jrockit:r28.2.6", "cpe:/a:oracle:jre:1.7.0:update21", "cpe:/a:oracle:jre:1.6.0:update_24", "cpe:/a:oracle:jrockit:r27.7.2", "cpe:/a:sun:jdk:1.6.0:update1", "cpe:/a:oracle:jrockit:r28.0.2", "cpe:/a:sun:jdk:1.6.0:update_6", "cpe:/a:sun:jre:1.6.0:update_5", "cpe:/a:oracle:jre:1.6.0:update_23", "cpe:/a:oracle:jre:1.7.0:update_40", "cpe:/a:sun:jdk:1.5.0:update4", "cpe:/a:oracle:jre:1.6.0:update_41", "cpe:/a:oracle:jrockit:r27.7.5", "cpe:/a:sun:jre:1.5.0:update15", "cpe:/a:oracle:jre:1.6.0:update_60", "cpe:/a:sun:jdk:1.5.0:update1", "cpe:/a:oracle:jrockit:r28.2.3", "cpe:/a:oracle:jdk:1.6.0:update_45", "cpe:/a:oracle:jdk:1.6.0:update_27", "cpe:/a:sun:jdk:1.5.0:update20", "cpe:/a:sun:jre:1.5.0:update24", "cpe:/a:oracle:jre:1.6.0:update_25", "cpe:/a:oracle:jdk:1.5.0:update_51", "cpe:/a:sun:jre:1.6.0:update_19", "cpe:/a:oracle:jre:1.7.0", "cpe:/a:sun:jre:1.5.0:update7", "cpe:/a:sun:jdk:1.6.0:update_10", "cpe:/a:sun:jre:1.5.0:update10", "cpe:/a:sun:jdk:1.6.0:update_12", "cpe:/a:oracle:jdk:1.6.0:update_60", "cpe:/a:sun:jre:1.6.0:update_16", "cpe:/a:oracle:jdk:1.6.0:update_37", "cpe:/a:sun:jdk:1.5.0:update2", "cpe:/a:sun:jre:1.5.0:update2", "cpe:/a:oracle:jdk:1.6.0:update_25", "cpe:/a:sun:jdk:1.5.0:update7", "cpe:/a:oracle:jdk:1.6.0:update_51", "cpe:/a:sun:jre:1.5.0:update12", "cpe:/a:sun:jdk:1.5.0:update22", "cpe:/a:sun:jdk:1.5.0:update14", "cpe:/a:sun:jre:1.5.0:update23", "cpe:/a:oracle:jre:1.7.0:update25", "cpe:/a:oracle:jdk:1.6.0:update_41", "cpe:/a:sun:jre:1.5.0:update9", "cpe:/a:sun:jre:1.6.0:update_18", "cpe:/a:sun:jre:1.6.0:update_14", "cpe:/a:oracle:jre:1.6.0:update_30", "cpe:/a:sun:jdk:1.5.0:update15", "cpe:/a:sun:jre:1.5.0:update31", "cpe:/a:sun:jre:1.6.0:update_12", "cpe:/a:sun:jre:1.5.0:update22", "cpe:/a:sun:jre:1.6.0:update_6", "cpe:/a:oracle:jrockit:r28.1.3", "cpe:/a:oracle:jdk:1.5.0:update_36", "cpe:/a:sun:jre:1.6.0:update_9", "cpe:/a:sun:jdk:1.5.0:update31", "cpe:/a:sun:jdk:1.5.0:update5", "cpe:/a:oracle:jre:1.6.0:update_37", "cpe:/a:oracle:jdk:1.6.0:update_38", "cpe:/a:sun:jdk:1.5.0:update29", "cpe:/a:sun:jre:1.6.0:update_21", "cpe:/a:oracle:jdk:1.6.0:update_26", "cpe:/a:oracle:jre:1.6.0:update_33", "cpe:/a:oracle:jdk:1.6.0:update_30", "cpe:/a:sun:jre:1.5.0:update25", "cpe:/a:sun:jdk:1.5.0:update28", "cpe:/a:oracle:jre:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_3", "cpe:/a:oracle:jdk:1.5.0:update_38", "cpe:/a:sun:jre:1.5.0:update21", "cpe:/a:oracle:jrockit:r27.7.6", "cpe:/a:sun:jdk:1.5.0:update7_b03", "cpe:/a:sun:jre:1.5.0:update5", "cpe:/a:sun:jre:1.6.0:update_15", "cpe:/a:oracle:jre:1.7.0:update2", "cpe:/a:sun:jre:1.5.0:update11", "cpe:/a:oracle:jdk:1.5.0:update_41", "cpe:/a:oracle:jre:1.6.0:update_27", "cpe:/a:oracle:jrockit:r28.0.1", "cpe:/a:oracle:jrockit:r28.2.4", "cpe:/a:sun:jdk:1.5.0:update18", "cpe:/a:oracle:jdk:1.6.0:update_22", "cpe:/a:sun:jdk:1.6.0:update_14", "cpe:/a:oracle:jre:1.7.0:update15", "cpe:/a:sun:jre:1.5.0:update20", "cpe:/a:sun:jdk:1.5.0:update19", "cpe:/a:oracle:jre:1.7.0:update9", "cpe:/a:sun:jdk:1.6.0:update_7", "cpe:/a:oracle:jre:1.6.0:update_38"], "modified": "2018-01-04T21:29:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5804", "id": "CVE-2013-5804", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "aix": [{"lastseen": "2018-08-31T00:08:36", "aixFileset": [{"productVersions": ["any"], "versionGte": "7.0.0.0", "fileset": "Java7", "versionLte": "7.0.0.110", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "5.0.0.0", "fileset": "Java5", "versionLte": "5.0.0.560", "productName": "aix"}, {"productVersions": ["any"], "versionGte": "6.0.0.0", "fileset": "Java6", "versionLte": "6.0.0.435", "productName": "aix"}], "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nIBM SECURITY ADVISORY\n\nFirst Issued: Wed Dec 11 10:53:34 CST 2013\n| Updated: Mon Feb 3 10:36:58 CST 2014\n| Updated: Sections II and III modifications\n| Updated: Includes VIOS\n\nThe most recent version of this document is available here:\n\nhttps://aix.software.ibm.com/aix/efixes/security/java_advisory.asc\nftp://aix.software.ibm.com/aix/efixes/security/java_advisory.asc\n\n===============================================================================\n VULNERABILITY SUMMARY\n\nVULNERABILITY: Multiple vulnerabilities in current releases of the IBM\u00ae SDK,\n\t\t\t\t Java Technology Edition.\n\nPLATFORMS: PowerSC and AIX 5.3, 6.1 and 7.1.\n| VIOS 2.2.x\n\nSOLUTION: Apply the fix as described below.\n\nTHREAT: Varies threats described below.\n\nCERT VU Number: n/a\nCVE Numbers: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 \n CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 \n CVE-2013-5830 CVE-2013-5829 CVE-2013-5787 CVE-2013-5788 \n CVE-2013-5824 CVE-2013-5842 CVE-2013-5782 CVE-2013-5817 \n CVE-2013-5809 CVE-2013-5814 CVE-2013-5832 CVE-2013-5850 \n CVE-2013-5838 CVE-2013-5802 CVE-2013-5812 CVE-2013-5804 \n CVE-2013-5783 CVE-2013-3829 CVE-2013-5823 CVE-2013-5831 \n CVE-2013-5820 CVE-2013-5819 CVE-2013-5818 CVE-2013-5848 \n CVE-2013-5776 CVE-2013-5774 CVE-2013-5825 CVE-2013-5840 \n CVE-2013-5801 CVE-2013-5778 CVE-2013-5851 CVE-2013-5800 \n CVE-2013-5784 CVE-2013-5849 CVE-2013-5790 CVE-2013-5780 \n CVE-2013-5797 CVE-2013-5803 CVE-2013-5772 \n\n|Reboot required? NO\n|Workarounds? NO\n \n===============================================================================\n DETAILED INFORMATION\n\nI. DESCRIPTION\n\n There are a number of vulnerabilities in the IBM SDK, Java Technology\n Edition that affect various components. CVE-2013-5456, CVE-2013-5457 and\n CVE-2013-5458 allow code running under a security manager to escalate its\n privileges by modifying or removing the security manager. CVE-2013-4041 \n and CVE-2013-5375 allow code running under a security manager to access \n restricted classes. These vulnerabilities could occur when untrusted code \n is executed under a security manager, or when the IBM SDK, Java Technology\n Edition has been associated with a web browser for running applets and Web\n Start applications.\n\n CVE-2013-5372 is a denial of service vulnerability which could result in a \n complete availability impact on the affected system.\n\n This bulletin also covers all applicable CVEs published by Oracle as part \n of their October 2013 Java SE Critical Patch Update. For more information \n please refer to Oracle's October 2013 Java SE CPU Advisory. \n\nII. CVSS\n\n CVEID: CVE-2013-5456\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88255 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2013-5457\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88256 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2013-5458\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88257 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)\n\n CVEID: CVE-2013-4041\n CVSS Base Score: 6.8\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86416 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVEID: CVE-2013-5375\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86901 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n CVEID: CVE-2013-5372\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86662 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVEID: CVE-2013-5843\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87971 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5789\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87968 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5830\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87961 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5829\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87963 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5787\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87967 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5788\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87966 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5824\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87965 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5842\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87970 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5782\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87960 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5817\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87969 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5809\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87962 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5814\n CVSS Base Score: 10\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87964 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5832\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87972 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5850\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87973 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5838\n CVSS Base Score: 9.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87974 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)\n\n CVEID: CVE-2013-5802\n CVSS Base Score: 7.5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87982 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)\n\n CVEID: CVE-2013-5812\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87985 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/P)\n\n CVEID: CVE-2013-5804\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87984 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)\n\n CVEID: CVE-2013-5783\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87987 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)\n\n CVEID: CVE-2013-3829\n CVSS Base Score: 6.4\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87986 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)\n\n CVEID: CVE-2013-5823\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87989 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)\n\n CVEID: CVE-2013-5831\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87995 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5820\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87996 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5819\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87994 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5818\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87993 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5848\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88000 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5776\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87992 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5774\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87999 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5825\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87988 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)\n\n CVEID: CVE-2013-5840\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87998 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5801\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87991 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5778\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87990 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5851\n CVSS Base Score: 5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87997 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5800\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88002 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5784\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88005 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/N:I/P:A/N)\n \n CVEID: CVE-2013-5849\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88003 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5790\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88004 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5780\n CVSS Base Score: 4.3\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)\n\n CVEID: CVE-2013-5797\n CVSS Base Score: 3.5\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88006 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/M:Au/S:C/N:I/P:A/N)\n\n CVEID: CVE-2013-5803\n CVSS Base Score: 2.6\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88008 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/N:A/P)\n\n CVEID: CVE-2013-5772\n CVSS Base Score: 2.6\n CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88007 for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/P:A/N) \n\n| III. PLATFORM VULNERABILITY ASSESSMENT\n\n| To determine if your system is vulnerable, run the following commands for the Java version\n| on your system:\n\n| # lslpp -l | grep Java | grep sdk\n| # lslpp -l | grep Java | grep jre\n\n| The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:\n| For Java5: Less than 5.0.0.560\n| For Java6: Less than 6.0.0.435\n| For Java7: Less than 7.0.0.110\n\n| Java7 Release 1: 7.1.0.000 is NOT vulnerable\n\nIV. FIXES\n\n AFFECTED PRODUCTS AND VERSIONS:\n AIX 5.3\n AIX 6.1\n AIX 7.1\n PowerSC \n| VIOS 2.2.x\n\n REMEDIATION:\n IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 4 and later\n 32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j5b&S_TACT=105AGX05&S_CMP=JDK\n 64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j5b&S_TACT=105AGX05&S_CMP=JDK\n\n IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 and later\n 32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j6b&S_TACT=105AGX05&S_CMP=JDK\n 64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j6b&S_TACT=105AGX05&S_CMP=JDK\n\n IBM SDK, Java Technology Edition, Version 7 Service Refresh 6 and later\n 32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j7b&S_TACT=105AGX05&S_CMP=JDK\n 64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j7b&S_TACT=105AGX05&S_CMP=JDK\n\n To learn more about AIX support levels and Java service releases, see the following:\n http://www.ibm.com/developerworks/java/jdk/aix/service.html#levels\n\nV. WORKAROUNDS\n\n None\n\nVI. CONTACT INFORMATION\n\n If you would like to receive AIX Security Advisories via email,\n please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq \n\n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To request the PGP public key that can be used to communicate\n securely with the AIX Security Team you can either:\n\n A. Send an email with \"get key\" in the subject line to:\n\n security-alert@austin.ibm.com\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n eServer is a trademark of International Business Machines\n Corporation. IBM, AIX and pSeries are registered trademarks of\n International Business Machines Corporation. All other trademarks\n are property of their respective holders.\n\nVII. REFERENCES:\n\n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n CVE-2013-5456: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5456\n CVE-2013-5457: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5457\n CVE-2013-5458: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5458 \n CVE-2013-4041: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4041 \n CVE-2013-5375: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5375\n CVE-2013-5372: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5372\n CVE-2013-5843: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843\n CVE-2013-5789: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789\n CVE-2013-5830: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830\n CVE-2013-5829: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829 \n CVE-2013-5787: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787\n CVE-2013-5788: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5788\n CVE-2013-5824: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824\n CVE-2013-5842: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842\n CVE-2013-5782: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782\n CVE-2013-5817: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817\n CVE-2013-5809: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809\n CVE-2013-5814: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814\n CVE-2013-5832: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832\n CVE-2013-5850: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850\n CVE-2013-5838: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838\n CVE-2013-5802: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802\n CVE-2013-5812: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812\n CVE-2013-5804: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804\n CVE-2013-5783: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783\n CVE-2013-3829: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829\n CVE-2013-5823: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823\n CVE-2013-5831: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831\n CVE-2013-5820: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820\n CVE-2013-5819: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819\n CVE-2013-5818: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818\n CVE-2013-5848: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848\n CVE-2013-5776: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776\n CVE-2013-5774: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774\n CVE-2013-5825: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825\n CVE-2013-5840: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840\n CVE-2013-5801: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801\n CVE-2013-5778: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778\n CVE-2013-5851: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5851\n CVE-2013-5800: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5800\n CVE-2013-5784: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784\n CVE-2013-5849: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849\n CVE-2013-5790: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790\n CVE-2013-5780: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780\n CVE-2013-5797: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797\n CVE-2013-5803: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803\n CVE-2013-5772: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772\n\n *The CVSS Environment Score is customer environment specific and will\n ultimately impact the Overall CVSS Score. Customers can evaluate the\n impact of this vulnerability in their environments by accessing the links\n in the Reference section of this Flash.\n\n Note: According to the Forum of Incident Response and Security Teams\n (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry\n open standard designed to convey vulnerability severity and help to\n determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES\n \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF\n MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE\n RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY\n VULNERABILITY.\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (AIX)\n\niEYEARECAAYFAlLvxe4ACgkQ4fmd+Ci/qhIyJwCghirbKIbzL2db7Xa9FO8OqgQE\n6OsAni19Xm6ZmA0RHMjPG46p/4wk8p8D\n=rWHF\n-----END PGP SIGNATURE-----\n", "edition": 3, "reporter": "CentOS Project", "published": "2013-12-11T10:53:34", "title": "Multiple Java vulnerabilities", "type": "aix", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "aix": {"apars": []}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-5848", "CVE-2013-5782", "CVE-2013-5818", "CVE-2013-5850", "CVE-2013-5778", "CVE-2013-5375", "CVE-2013-5776", "CVE-2013-5788", "CVE-2013-5842", "CVE-2013-5830", "CVE-2013-5832", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2013-5817", "CVE-2013-5787", "CVE-2013-5372", "CVE-2013-5825", "CVE-2013-5789", "CVE-2013-5823", "CVE-2013-5843", "CVE-2013-5812", "CVE-2013-5849", "CVE-2013-5780", "CVE-2013-5456", "CVE-2013-5824", "CVE-2013-5831", "CVE-2013-5458", "CVE-2013-5814", "CVE-2013-4041", "CVE-2013-5829", "CVE-2013-5803", "CVE-2013-5819", "CVE-2013-5774", "CVE-2013-3829", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5457", "CVE-2013-5790", "CVE-2013-5838", "CVE-2013-5840", "CVE-2013-5801", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "modified": "2014-02-03T10:36:58", "id": "JAVA_ADVISORY.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/java_advisory.asc", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "symantec": [{"lastseen": "2018-03-12T02:29:12", "references": ["http://www.oracle.com/technetwork/java/index.html"], "description": "### Description\n\nOracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 7u25, Java SE Embedded 7u25\n\n### Technologies Affected\n\n * Avaya IP Office Application Server 9.0 \n * Avaya IP Office Server Edition 9.0 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Gentoo Linux \n * HP HP-UX B.11.31 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM InfoSphere Streams 1.0 \n * IBM InfoSphere Streams 1.0.1 \n * IBM InfoSphere Streams 1.2 \n * IBM InfoSphere Streams 2.0 \n * IBM InfoSphere Streams 3.0 \n * IBM InfoSphere Streams 3.1.0.0 \n * IBM InfoSphere Streams 3.2 \n * IBM Java SDK 1.4.2 \n * IBM Java SDK 5 \n * IBM Java SDK 6 \n * IBM Java SDK 7 \n * IBM Lotus Domino 8.0 \n * IBM Lotus Domino 8.0.1 \n * IBM Lotus Domino 8.0.2 \n * IBM Lotus Domino 8.0.2 FP4 \n * IBM Lotus Domino 8.0.2 Fix Pack 5 \n * IBM Lotus Domino 8.0.2.1 \n * IBM Lotus Domino 8.0.2.2 \n * IBM Lotus Domino 8.0.2.3 \n * IBM Lotus Domino 8.0.2.4 \n * IBM Lotus Domino 8.5.0 \n * IBM Lotus Domino 8.5.0.1 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.1 Fix Pack 2 \n * IBM Lotus Domino 8.5.1.1 \n * IBM Lotus Domino 8.5.1.2 \n * IBM Lotus Domino 8.5.1.3 \n * IBM Lotus Domino 8.5.1.4 \n * IBM Lotus Domino 8.5.1.5 \n * IBM Lotus Domino 8.5.1FP5 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.2 FP2 \n * IBM Lotus Domino 8.5.2 FP3 \n * IBM Lotus Domino 8.5.2 FP3 \n * IBM Lotus Domino 8.5.2 FP4 \n * IBM Lotus Domino 8.5.2.0 \n * IBM Lotus Domino 8.5.2.1 \n * IBM Lotus Domino 8.5.2.2 \n * IBM Lotus Domino 8.5.2.3 \n * IBM Lotus Domino 8.5.2.4 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Domino 8.5.3 Fix Pack 3 \n * IBM Lotus Domino 8.5.3 Fix Pack 4 \n * IBM Lotus Domino 8.5.3 Fix Pack 5 \n * IBM Lotus Domino 8.5.3.0 \n * IBM Lotus Domino 8.5.3.1 \n * IBM Lotus Domino 8.5.3.2 \n * IBM Lotus Domino 8.5.3.3 \n * IBM Lotus Domino 8.5.3.4 \n * IBM Lotus Domino 8.5.3.5 \n * IBM Lotus Domino 8.5.3.6 \n * IBM Lotus Domino 8.5.3FP1 \n * IBM Lotus Domino 8.5.4 \n * IBM Lotus Domino 8.5FP1 \n * IBM Lotus Domino 9.0 \n * IBM Lotus Domino 9.0.0.0 \n * IBM Lotus Domino 9.0.1.0 \n * IBM Lotus Notes 8.0 \n * IBM Lotus Notes 8.0.1 \n * IBM Lotus Notes 8.0.2 \n * IBM Lotus Notes 8.0.2 FP6 \n * IBM Lotus Notes 8.0.2.0 \n * IBM Lotus Notes 8.0.2.1 \n * IBM Lotus Notes 8.0.2.2 \n * IBM Lotus Notes 8.0.2.3 \n * IBM Lotus Notes 8.0.2.4 \n * IBM Lotus Notes 8.0.2.5 \n * IBM Lotus Notes 8.0.2.6 \n * IBM Lotus Notes 8.5 \n * IBM Lotus Notes 8.5.0.0 \n * IBM Lotus Notes 8.5.0.1 \n * IBM Lotus Notes 8.5.1 \n * IBM Lotus Notes 8.5.1 \n * IBM Lotus Notes 8.5.1 FP5 \n * IBM Lotus Notes 8.5.1.2 \n * IBM Lotus Notes 8.5.1.3 \n * IBM Lotus Notes 8.5.1.4 \n * IBM Lotus Notes 8.5.1.5 \n * IBM Lotus Notes 8.5.2 \n * IBM Lotus Notes 8.5.2 FP2 \n * IBM Lotus Notes 8.5.2.0 \n * IBM Lotus Notes 8.5.2.1 \n * IBM Lotus Notes 8.5.2.2 \n * IBM Lotus Notes 8.5.2.3 \n * IBM Lotus Notes 8.5.3 \n * IBM Lotus Notes 8.5.3 Fix Pack 2 \n * IBM Lotus Notes 8.5.3 Fix Pack 3 \n * IBM Lotus Notes 8.5.3 Fix Pack 4 \n * IBM Lotus Notes 8.5.3 Fix Pack 5 \n * IBM Lotus Notes 8.5.3.1 \n * IBM Lotus Notes 8.5.3.2 \n * IBM Lotus Notes 8.5.3.3 \n * IBM Lotus Notes 8.5.3.4 \n * IBM Lotus Notes 8.5.3.5 \n * IBM Lotus Notes 8.5.4 \n * IBM Lotus Notes 9.0 \n * IBM Lotus Notes 9.0.1 \n * IBM Operational Decision Manager 8.0 \n * IBM Operational Decision Manager 8.5 \n * IBM PowerSC \n * IBM Smart Analytics System 5600 1 \n * IBM Smart Analytics System 5600 10.1 \n * IBM Smart Analytics System 5600 2 \n * IBM Smart Analytics System 5600 3 \n * IBM Smart Analytics System 5600 9.7 \n * IBM Tivoli Application Dependency Discovery Manager 7.1.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.5 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.4 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.4 \n * IBM Tivoli Composite Application Manager for Transactions 7.3.0.1 \n * IBM Tivoli Endpoint Manager 9.0.0 \n * IBM Tivoli Endpoint Manager 9.0.1 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Policy Driven Software Distribution 7.1 \n * IBM Tivoli Provisioning Manager 7.1.1 \n * IBM Tivoli Storage Productivity Center 4.1 \n * IBM Tivoli Storage Productivity Center 4.2.0 \n * IBM Tivoli Storage Productivity Center 4.2.1 \n * IBM Tivoli Storage Productivity Center 4.2.1 Fix Pack 4 \n * IBM Tivoli Storage Productivity Center 4.2.1.185 \n * IBM Tivoli Storage Productivity Center 4.2.2 FP3 \n * IBM Tivoli Storage Productivity Center 4.2.2.143 (FP3) \n * IBM Tivoli Storage Productivity Center 4.2.2.143 \n * IBM Tivoli Storage Productivity Center 4.2.2.145 \n * IBM Tivoli Storage Productivity Center 4.2.2.170 (FP4) \n * IBM Tivoli Storage Productivity Center 4.2.2.177 \n * IBM Tivoli Storage Productivity Center 5.1.0 \n * IBM Tivoli Storage Productivity Center 5.1.1 \n * IBM Tivoli Storage Productivity Center 5.1.1.0 \n * IBM Tivoli Storage Productivity Center 5.1.1.1 \n * IBM Tivoli Storage Productivity Center 5.1.1.2 \n * IBM Tivoli Storage Productivity Center 5.1.1.3 \n * IBM Tivoli Storage Productivity Center 5.1.1.4 \n * IBM Tivoli Storage Productivity Center 5.2.0 \n * IBM WebSphere ILOG JRules 7.1 \n * IBM WebSphere Operational Decision Management 7.5 \n * IBM WebSphere Real Time 3 SR5 \n * IBM Websphere Application Server 6.1.0.1 \n * IBM Websphere Application Server 6.1.0.10 \n * IBM Websphere Application Server 6.1.0.11 \n * IBM Websphere Application Server 6.1.0.12 \n * IBM Websphere Application Server 6.1.0.13 \n * IBM Websphere Application Server 6.1.0.17 \n * IBM Websphere Application Server 6.1.0.18 \n * IBM Websphere Application Server 6.1.0.19 \n * IBM Websphere Application Server 6.1.0.43 \n * IBM Websphere Application Server 6.1.0.45 \n * IBM Websphere Application Server 6.1.0.45 \n * IBM Websphere Application Server 6.1.0.47 \n * IBM Websphere Application Server 7.0.0.0 \n * IBM Websphere Application Server 7.0.0.1 \n * IBM Websphere Application Server 7.0.0.10 \n * IBM Websphere Application Server 7.0.0.11 \n * IBM Websphere Application Server 7.0.0.14 \n * IBM Websphere Application Server 7.0.0.17 \n * IBM Websphere Application Server 7.0.0.24 \n * IBM Websphere Application Server 7.0.0.27 \n * IBM Websphere Application Server 7.0.0.29 \n * IBM Websphere Application Server 8.0.0.0 \n * IBM Websphere Application Server 8.0.0.1 \n * IBM Websphere Application Server 8.0.0.1 \n * IBM Websphere Application Server 8.0.0.2 \n * IBM Websphere Application Server 8.0.0.4 \n * IBM Websphere Application Server 8.0.0.4 \n * IBM Websphere Application Server 8.0.0.5 \n * IBM Websphere Application Server 8.0.0.7 \n * IBM Websphere Application Server 8.5.0.0 \n * IBM Websphere Application Server 8.5.5.1 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK (Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK(Linux Production Release) 1.6.0_43 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_17 \n * Oracle JDK(Linux Production Release) 1.7.0_21 \n * Oracle JDK(Linux Production Release) 1.7.0_25 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_21 \n * Oracle JDK(Solaris Production Release) 1.7.0_25 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_17 \n * Oracle JDK(Windows Production Release) 1.7.0_21 \n * Oracle JDK(Windows Production Release) 1.7.0_25 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_21 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_21 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_17 \n * Oracle JRE(Linux Production Release) 1.7.0_25 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_17 \n * Oracle JRE(Solaris Production Release) 1.7.0_25 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_17 \n * Oracle JRE(Windows Production Release) 1.7.0_25 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Oracle Java SE Embedded 7u25 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Optional 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Optional 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server Optional 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Optional 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * SuSE CORE 9 \n * SuSE SUSE CORE 9 for x86 \n * SuSE SUSE Linux Enterprise Java 11 SP2 \n * SuSE SUSE Linux Enterprise Java 11 SP3 \n * SuSE SUSE Linux Enterprise Server 10 SP3 LTSS \n * SuSE SUSE Linux Enterprise Server 10 SP4 LTSS \n * SuSE SUSE Linux Enterprise Server 11 SP1 LTSS \n * SuSE SUSE Linux Enterprise Server 11 SP2 \n * SuSE SUSE Linux Enterprise Server 11 SP2 for VMware \n * SuSE SUSE Linux Enterprise Server 11 SP3 \n * SuSE SUSE Linux Enterprise Server 11 SP3 for VMware \n * SuSE SUSE Linux Enterprise Software Development Kit 11 SP2 \n * SuSE SUSE Linux Enterprise Software Development Kit 11 SP3 \n * Sun JRE (Linux Production Release) 1.7 \n * Sun JRE (Solaris Production Release) 1.7 \n * Sun JRE (Windows Production Release) 1.7 \n * VMWare Update Manager 5.5 \n * VMWare vCenter Server 5.5 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nDisabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "edition": 2, "reporter": "Symantec Security Response", "published": "2013-10-15T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "symantec", "title": "Oracle Java SE CVE-2013-5838 Remote Security Vulnerability", "bulletinFamily": "software", "affectedSoftware": [{"name": "IBM Tivoli Application Dependency Discovery Manager", "version": "7.2.1.5 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.6 ", "operator": "eq"}, {"name": "IBM Tivoli Composite Application Manager for Transactions", "version": "7.2.0.2 ", "operator": "eq"}, {"name": "Mandriva Business Server", "version": "1 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3.5 ", "operator": "eq"}, {"name": "IBM AIX", "version": "7.1 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.24 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3.3 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.2 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3FP1 ", "operator": "eq"}, {"name": "VMWare Update Manager", "version": "5.5 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2 FP4 ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Server", "version": "10 SP3 LTSS ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Server", "version": "11 SP2 for VMware ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "9.0.1 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.1 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1FP5 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3 Fix Pack 3 ", "operator": "eq"}, {"name": "VMWare vCenter Server", "version": "5.5 ", "operator": "eq"}, {"name": "IBM Tivoli Application Dependency Discovery Manager", "version": "7.2.2 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.2.143 (FP3) ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.0.2 Fix Pack 5 ", "operator": "eq"}, {"name": "IBM Tivoli Policy Driven Software Distribution", "version": "7.1 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux Desktop Optional", "version": "6 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.2.177 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.2 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.4 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.4 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux Workstation Optional", "version": "6 ", "operator": "eq"}, {"name": "IBM Tivoli Provisioning Manager", "version": "7.1.1 ", "operator": "eq"}, {"name": "IBM Java SDK", "version": "5 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.1.1.3 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1 Fix Pack 2 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.5.5.1 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.2.143 ", "operator": "eq"}, {"name": "IBM Java SDK", "version": "7 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux HPC Node", "version": "6 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.1.0 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.1.1.1 ", "operator": "eq"}, {"name": "Avaya IP Office Server Edition", "version": "9.0 ", "operator": "eq"}, {"name": "IBM Operational Decision Manager", "version": "8.5 ", "operator": "eq"}, {"name": "IBM Tivoli Application Dependency Discovery Manager", "version": "7.2.1 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1.4 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3 Fix Pack 3 ", "operator": "eq"}, {"name": "IBM Tivoli Application Dependency Discovery Manager", "version": "7.1.2 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.2.2 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.1.5 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.0.2.4 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.0.1 ", "operator": "eq"}, {"name": "IBM InfoSphere Streams", "version": "1.0.1 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.14 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.4 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux Workstation Supplementary", "version": "6 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.5.0.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1.3 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.3 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.1.1.0 ", "operator": "eq"}, {"name": "IBM InfoSphere Streams", "version": "3.0 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.12 ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Server", "version": "10 SP4 LTSS ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.18 ", "operator": "eq"}, {"name": "IBM Tivoli Composite Application Manager for Transactions", "version": "7.1.0.2 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.2.145 ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Server", "version": "11 SP1 LTSS ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Software Development Kit", "version": "11 SP2 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux Desktop", "version": "6 ", "operator": "eq"}, {"name": "IBM Tivoli Composite Application Manager for Transactions", "version": "7.2.0.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2.3 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.2.170 (FP4) ", "operator": "eq"}, {"name": "Avaya IP Office Application Server", "version": "9.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2.4 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.17 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.2.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2.6 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux Supplementary", "version": "5 Server ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.1.1.4 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "9.0 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.1.185 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1.2 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.0 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.0 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.7 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.17 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.11 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3.4 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.10 ", "operator": "eq"}, {"name": "IBM Tivoli Endpoint Manager for Remote Control", "version": "8.2 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2 FP2 ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Server", "version": "11 SP3 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.1.2 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3 Fix Pack 2 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.0.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2.4 ", "operator": "eq"}, {"name": "IBM Smart Analytics System", "version": "5600 10.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "9.0.1.0 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3 Fix Pack 4 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux", "version": "5 Server ", "operator": "eq"}, {"name": "IBM Tivoli Composite Application Manager for Transactions", "version": "7.1.0.1 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.2.1 ", "operator": "eq"}, {"name": "IBM Tivoli Endpoint Manager", "version": "9.0.0 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.1.1 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux HPC Node Supplementary", "version": "6 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2.2 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.2 FP3 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.43 ", "operator": "eq"}, {"name": "IBM Smart Analytics System", "version": "5600 9.7 ", "operator": "eq"}, {"name": "CentOS CentOS", "version": "5 ", "operator": "eq"}, {"name": "IBM WebSphere Operational Decision Management", "version": "7.5 ", "operator": "eq"}, {"name": "Mandriva Business Server", "version": "1 X86 64 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.29 ", "operator": "eq"}, {"name": "IBM Java SDK", "version": "6 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.2.3 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3 Fix Pack 4 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2.1 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux Workstation", "version": "6 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.0.2 FP4 ", "operator": "eq"}, {"name": "IBM Tivoli Endpoint Manager", "version": "9.0.1 ", "operator": "eq"}, {"name": "Oracle Java SE Embedded", "version": "7u25 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "4.2.1 Fix Pack 4 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5FP1 ", "operator": "eq"}, {"name": "IBM InfoSphere Streams", "version": "3.1.0.0 ", "operator": "eq"}, {"name": "Oracle Enterprise Linux", "version": "6 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.13 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2.5 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.1.4 ", "operator": "eq"}, {"name": "Oracle Enterprise Linux", "version": "6.2 ", "operator": "eq"}, {"name": "Redhat Enterprise Linux HPC Node Optional", "version": "6 ", "operator": "eq"}, {"name": "IBM InfoSphere Streams", "version": "1.0 ", "operator": "eq"}, {"name": "IBM Java SDK", "version": "1.4.2 ", "operator": "eq"}, {"name": "IBM AIX", "version": "5.3 ", "operator": "eq"}, {"name": "IBM Smart Analytics System", "version": "5600 2 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.45 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.45 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.1 ", "operator": "eq"}, {"name": "IBM Smart Analytics System", "version": "5600 1 ", "operator": "eq"}, {"name": "IBM Tivoli Composite Application Manager for Transactions", "version": "7.1.0.4 ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Java", "version": "11 SP2 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.1 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.0.2.2 ", "operator": "eq"}, {"name": "IBM Smart Analytics System", "version": "5600 3 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3.2 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.1.3 ", "operator": "eq"}, {"name": "IBM Tivoli Application Dependency Discovery Manager", "version": "7.2 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.3 Fix Pack 5 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2.0 ", "operator": "eq"}, {"name": "IBM InfoSphere Streams", "version": "2.0 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.5 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.3.5 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "7.0.0.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.0.2 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2 FP3 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.5.2 FP3 ", "operator": "eq"}, {"name": "IBM Tivoli Composite Application Manager for Transactions", "version": "7.2.0.4 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "6.1.0.19 ", "operator": "eq"}, {"name": "IBM Websphere Application Server", "version": "8.0.0.0 ", "operator": "eq"}, {"name": "IBM Lotus Domino", "version": "8.0 ", "operator": "eq"}, {"name": "CentOS CentOS", "version": "6 ", "operator": "eq"}, {"name": "IBM Tivoli Storage Productivity Center", "version": "5.1.1 ", "operator": "eq"}, {"name": "SuSE SUSE Linux Enterprise Java", "version": "11 SP3 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": "8.5.2.0 ", "operator": "eq"}, {"name": "IBM Lotus Notes", "version": &q