Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2021 Greenbone AGOPENVAS:13614125623114201307012
HistoryJun 09, 2021 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2013:0701-2)

2021-06-0900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org

6.8 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2013.0701.2");
  script_cve_id("CVE-2013-0169", "CVE-2013-0485", "CVE-2013-0809", "CVE-2013-1493");
  script_tag(name:"creation_date", value:"2021-06-09 14:58:25 +0000 (Wed, 09 Jun 2021)");
  script_version("2024-02-02T05:06:07+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_name("SUSE: Security Advisory (SUSE-SU-2013:0701-2)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES10\.0SP4|SLES11\.0SP2)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2013:0701-2");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2013/suse-su-20130701-2/");
  script_xref(name:"URL", value:"http://www.ibm.com/developerworks/java/jdk/alerts/");
  script_xref(name:"URL", value:"http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'java-1_6_0-ibm' package(s) announced via the SUSE-SU-2013:0701-2 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.

More information can be found on:

[link moved to references]

and on:

[link moved to references]
.fixes.html#SR13FP1

Security issues: - CVE-2013-0485
> - CVE-2013-0809
>
- CVE-2013-1493
 > - CVE-2013-0169
 >");

  script_tag(name:"affected", value:"'java-1_6_0-ibm' package(s) on SUSE Linux Enterprise Desktop 10-SP4, SUSE Linux Enterprise Java 10-SP4, SUSE Linux Enterprise Java 11-SP2, SUSE Linux Enterprise Server 10-SP4, SUSE Linux Enterprise Server 11-SP2, SUSE Linux Enterprise Software Development Kit 11-SP2.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES10.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm", rpm:"java-1_5_0-ibm~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-32bit", rpm:"java-1_5_0-ibm-32bit~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-64bit", rpm:"java-1_5_0-ibm-64bit~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-alsa", rpm:"java-1_5_0-ibm-alsa~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-alsa-32bit", rpm:"java-1_5_0-ibm-alsa-32bit~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-devel", rpm:"java-1_5_0-ibm-devel~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-devel-32bit", rpm:"java-1_5_0-ibm-devel-32bit~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-fonts", rpm:"java-1_5_0-ibm-fonts~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-jdbc", rpm:"java-1_5_0-ibm-jdbc~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_5_0-ibm-plugin", rpm:"java-1_5_0-ibm-plugin~1.5.0_sr16.1~0.5.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm", rpm:"java-1_6_0-ibm~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-32bit", rpm:"java-1_6_0-ibm-32bit~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-64bit", rpm:"java-1_6_0-ibm-64bit~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-alsa", rpm:"java-1_6_0-ibm-alsa~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-alsa-32bit", rpm:"java-1_6_0-ibm-alsa-32bit~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-devel", rpm:"java-1_6_0-ibm-devel~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-devel-32bit", rpm:"java-1_6_0-ibm-devel-32bit~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-fonts", rpm:"java-1_6_0-ibm-fonts~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-jdbc", rpm:"java-1_6_0-ibm-jdbc~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-plugin", rpm:"java-1_6_0-ibm-plugin~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-plugin-32bit", rpm:"java-1_6_0-ibm-plugin-32bit~1.6.0_sr13.1~0.14.1", rls:"SLES10.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES11.0SP2") {

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm", rpm:"java-1_6_0-ibm~1.6.0_sr13.1~0.9.1", rls:"SLES11.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-alsa", rpm:"java-1_6_0-ibm-alsa~1.6.0_sr13.1~0.9.1", rls:"SLES11.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-fonts", rpm:"java-1_6_0-ibm-fonts~1.6.0_sr13.1~0.9.1", rls:"SLES11.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-jdbc", rpm:"java-1_6_0-ibm-jdbc~1.6.0_sr13.1~0.9.1", rls:"SLES11.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"java-1_6_0-ibm-plugin", rpm:"java-1_6_0-ibm-plugin~1.6.0_sr13.1~0.9.1", rls:"SLES11.0SP2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 51
suse 7
openvas 43
securityvulns 4
oraclelinux 4
prion 5
redhat 6
threatpost 4
ubuntu 2
centos 4
amazon 2
fedora 2
cert 1
cve 4
ubuntucve 3
zdi 3
cvelist 4
ibm 25
veracode 4
checkpoint_advisories 2
saint 4
zdt 1
seebug 1
packetstorm 1
metasploit 1
f5 2
slackware 1
openssl 1
hackerone 1
debiancve 1
pentestpartners 1
exploitdb 1
symantec 1
osv 1
altlinux 1
nessus
nessus
SuSE 11.2 Security Update : java-1_7_0-ibm (SAT Patch Number 7623)
2013-04-19 00:00:00
SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8544)
2013-04-24 00:00:00
SuSE 11.2 Security Update : IBM Java (SAT Patch Number 7627)
2013-04-24 00:00:00
suse
suse
Security update for java-1_7_0-ibm (important)
2013-04-18 19:04:39
Security update for java-1_6_0-ibm (important)
2013-04-23 22:04:39
Security update for IBM Java (important)
2013-04-23 21:04:26
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:0701-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0710-1)
2021-06-09 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2013:0604-01
2013-03-08 00:00:00
securityvulns
securityvulns
APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14
2013-03-11 00:00:00
US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities
2013-03-11 00:00:00
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-03-06 00:00:00
java-1.6.0-openjdk security update
2013-03-06 00:00:00
java-1.6.0-openjdk security update
2013-03-06 00:00:00
prion
prion
Design/Logic Flaw
2013-03-05 22:06:00
Design/Logic Flaw
2014-01-21 18:55:00
Memory corruption
2013-03-05 22:06:00
redhat
redhat
(RHSA-2013:0600) Critical: java-1.7.0-oracle security update
2013-03-06 00:00:00
(RHSA-2013:0604) Important: java-1.6.0-openjdk security update
2013-03-06 00:00:00
(RHSA-2013:0601) Critical: java-1.6.0-sun security update
2013-03-06 00:00:00
threatpost
threatpost
Oracle Rushes Emergency Java Update to Patch McRAT Vulnerabilities
2013-03-04 22:37:58
Attackers Beat Java Default Security Settings with Social Engineering
2013-03-05 17:27:40
The Java Zero-Day Procession Continues
2013-03-01 16:34:30
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-03-07 00:00:00
OpenJDK 6 vulnerabilities
2013-03-05 00:00:00
centos
centos
java security update
2013-03-06 21:08:42
java security update
2013-03-06 21:09:16
java security update
2013-03-06 21:15:03
amazon
amazon
Important: java-1.6.0-openjdk
2013-03-14 22:03:00
Important: java-1.7.0-openjdk
2013-03-14 22:03:00
fedora
fedora
[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc18
2013-03-14 02:56:25
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc17
2013-03-06 22:58:17
cert
cert
Oracle Java contains multiple vulnerabilities
2013-03-05 00:00:00
cve
cve
CVE-2013-0809
2013-03-05 22:06:00
CVE-2013-0485
2014-01-21 18:55:00
CVE-2013-1493
2013-03-05 22:06:00
ubuntucve
ubuntucve
CVE-2013-0809
2013-03-04 00:00:00
CVE-2013-1493
2013-03-04 00:00:00
CVE-2013-0169
2013-02-08 00:00:00
zdi
zdi
Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability
2013-06-27 00:00:00
Oracle Java Image ColorConvert Remote Code Execution Vulnerability
2013-06-27 00:00:00
Oracle Java cmmColorConvert Remote Code Execution Vulnerability
2013-06-27 00:00:00
cvelist
cvelist
CVE-2013-0809
2013-03-04 16:00:00
CVE-2013-0485
2014-01-21 18:00:00
CVE-2013-1493
2013-03-04 16:00:00
ibm
ibm
Security Bulletin: Tivoli Storage Productivity Center affected by vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)
2022-08-19 18:23:31
Security Bulletin: Security vulnerability in Rational Developer for System z (CVE-2013-0485)
2020-10-27 15:51:50
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)
2018-06-17 04:48:04
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:59:18
Arbitrary Code Execution
2019-05-02 04:53:58
Timing Attacks
2017-02-10 05:59:15
checkpoint_advisories
checkpoint_advisories
Oracle Java Runtime CMM Code Execution (CVE-2013-1493)
2013-03-10 00:00:00
Oracle Java 2D ImagingLib Integer Overflow (CVE-2013-0809)
2013-03-24 00:00:00
saint
saint
Java Runtime Environment Color Management memory overwrite
2013-04-04 00:00:00
Java Runtime Environment Color Management memory overwrite
2013-04-04 00:00:00
Java Runtime Environment Color Management memory overwrite
2013-04-04 00:00:00
zdt
zdt
Java CMM Remote Code Execution Vulnerability
2013-03-28 00:00:00
seebug
seebug
Java CMM Remote Code Execution
2014-07-01 00:00:00
packetstorm
packetstorm
Java CMM Remote Code Execution
2013-03-28 00:00:00
metasploit
metasploit
Java CMM Remote Code Execution
2013-03-26 21:30:18
f5
f5
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
hackerone
hackerone
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
debiancve
debiancve
CVE-2013-0169
2013-02-08 19:55:00
pentestpartners
pentestpartners
Vulnerabilities that (mostly) aren’t: LUCKY13
2024-05-03 05:12:27
exploitdb
exploitdb
Java CMM - Remote Code Execution (Metasploit)
2013-03-29 00:00:00
symantec
symantec
Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability
2013-02-28 00:00:00
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00

6.8 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON
Related for OPENVAS:13614125623114201307012
nessus51suse7openvas43securityvulns4oraclelinux4prion5redhat6threatpost4ubuntu2centos4amazon2fedora2cert1cve4ubuntucve3zdi3cvelist4ibm25veracode4checkpoint_advisories2saint4zdt1seebug1packetstorm1metasploit1f52slackware1openssl1hackerone1debiancve1pentestpartners1exploitdb1symantec1osv1altlinux1