ID 1337DAY-ID-21191 Type zdt Reporter GuHe Modified 2013-09-03T00:00:00
Description
Exploit for windows platform in category dos / poc
# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow
# Google Dork:
# Date: 2013-09-03
# Exploit Author: GuHe
# Vendor Homepage: http://www.oracle.com/
# Software Link:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
# Version: 7u21 and eariler
# Tested on: Windows 7
# CVE : CVE-2013-2470
CVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer
overflow
1. Affected Software
JRE 7 update 21 and earlier
JRE 6 update 45 and earlier
2. Root cause analysis
The "Java_sun_awt_image_ImagingLib_lookupByteBI" performs byte lookup
operation on two BufferedImage.
In the following code:
/* Mlib needs 16bit lookuptable and must be signed! */
if (src->type == MLIB_SHORT) {
unsigned short *sdataP = (unsigned short *) src->data;
unsigned short *sP;
if (dst->type == MLIB_BYTE) {
unsigned char *cdataP = (unsigned char *) dst->data;
unsigned char *cP;
if (nbands > 1) {
retStatus = 0;
}
else {
int x, y;
for (y=0; y < src->height; y++) {
cP = cdataP;
sP = sdataP;
for (x=0; x < src->width; x++) {
*cP++ = table[0][*sP++];
}
/*
* 4554571: increment pointers using the scanline stride
* in pixel units (not byte units)
*/
cdataP += dstImageP->raster.scanlineStride;
sdataP += srcImageP->raster.scanlineStride;
}
}
}
/* How about ddata == null? */
}
It tries to map data in src raster to the dst raster. The total bytes
written to dst rater buffer is:
(src->width) * (src->height). However, it does not correctly check the size
of the dst buffer, if the size of the
dst buffer is smaller than (src->width) * (src->height), it will be
overflowed.
3. Poc
See "TestByteBI.java" for the source code.
And you can test the poc by directly open the "HelloApplet.html" in a web
browser.
4. Tested on
JRE 7 update 21 on Windows 7 Enterprise
# 0day.today [2018-01-26] #
{"hash": "20a7140556b2b16b880bb7c342bc69e9b04df275c249ecc182c89fd73c4cd103", "id": "1337DAY-ID-21191", "lastseen": "2018-01-27T01:16:52", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "fe25a62aa20ed3563226bdd315dd634a", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "b0d3d3a91f21189719037cf41ad6dbfa", "key": "description"}, {"hash": "a510f66f63c8ad22ab235965e9ef9be2", "key": "href"}, {"hash": "9a7e012f5622ae9990d6ec0e22e1dae7", "key": "modified"}, {"hash": "9a7e012f5622ae9990d6ec0e22e1dae7", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "2236507ae8c60f72542a7cb50fe3d180", "key": "reporter"}, {"hash": "de1d21af244e97c90acbb1f473bafe78", "key": "sourceData"}, {"hash": "132fe39ba7b10908ff7579772d7d5f14", "key": "sourceHref"}, {"hash": "9cf524426a6b150620440e264fdfa3f2", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 2, "enchantments": {"vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/21191", "description": "Exploit for windows platform in category dos / poc", "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow Vulnerability", "history": [{"bulletin": {"hash": "b949530747a8d034f53422801a23518ffe5bfd6b92db3cb7bfb30c2b4a9bd6a4", "id": "1337DAY-ID-21191", "lastseen": "2016-04-20T01:38:51", "enchantments": {"score": {"value": 3.6, "modified": "2016-04-20T01:38:51"}}, "hashmap": [{"hash": "9cf524426a6b150620440e264fdfa3f2", "key": "title"}, {"hash": "2236507ae8c60f72542a7cb50fe3d180", "key": "reporter"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b0d3d3a91f21189719037cf41ad6dbfa", "key": "description"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "fe25a62aa20ed3563226bdd315dd634a", "key": "cvelist"}, {"hash": "ab5d0e9eb89d6d6f67dc9a60a4d45c70", "key": "href"}, {"hash": "f64b84038a57a25d2abed51d260b2e40", "key": "sourceData"}, {"hash": "9a7e012f5622ae9990d6ec0e22e1dae7", "key": "modified"}, {"hash": "427e3a4c42b8db1f5f86846c07ccbd41", "key": "sourceHref"}, {"hash": "9a7e012f5622ae9990d6ec0e22e1dae7", "key": "published"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/21191", "description": "Exploit for windows platform in category dos / poc", "viewCount": 0, "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "objectVersion": "1.0", "cvelist": ["CVE-2013-2470"], "sourceData": "# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow\r\n# Google Dork:\r\n# Date: 2013-09-03\r\n# Exploit Author: GuHe\r\n# Vendor Homepage: http://www.oracle.com/\r\n# Software Link:\r\nhttp://www.oracle.com/technetwork/java/javase/downloads/index.html\r\n# Version: 7u21 and eariler\r\n# Tested on: Windows 7\r\n# CVE : CVE-2013-2470\r\n \r\n \r\nCVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer\r\noverflow\r\n \r\n \r\n1. Affected Software\r\nJRE 7 update 21 and earlier\r\nJRE 6 update 45 and earlier\r\n \r\n \r\n2. Root cause analysis\r\n \r\nThe \"Java_sun_awt_image_ImagingLib_lookupByteBI\" performs byte lookup\r\noperation on two BufferedImage.\r\n \r\nIn the following code:\r\n \r\n /* Mlib needs 16bit lookuptable and must be signed! */\r\n if (src->type == MLIB_SHORT) {\r\n unsigned short *sdataP = (unsigned short *) src->data;\r\n unsigned short *sP;\r\n if (dst->type == MLIB_BYTE) {\r\n unsigned char *cdataP = (unsigned char *) dst->data;\r\n unsigned char *cP;\r\n if (nbands > 1) {\r\n retStatus = 0;\r\n }\r\n else {\r\n int x, y;\r\n for (y=0; y < src->height; y++) {\r\n cP = cdataP;\r\n sP = sdataP;\r\n for (x=0; x < src->width; x++) {\r\n *cP++ = table[0][*sP++];\r\n }\r\n \r\n /*\r\n * 4554571: increment pointers using the scanline stride\r\n * in pixel units (not byte units)\r\n */\r\n cdataP += dstImageP->raster.scanlineStride;\r\n sdataP += srcImageP->raster.scanlineStride;\r\n }\r\n }\r\n }\r\n /* How about ddata == null? */\r\n }\r\n \r\nIt tries to map data in src raster to the dst raster. The total bytes\r\nwritten to dst rater buffer is:\r\n(src->width) * (src->height). However, it does not correctly check the size\r\nof the dst buffer, if the size of the\r\ndst buffer is smaller than (src->width) * (src->height), it will be\r\noverflowed.\r\n \r\n \r\n3. Poc\r\nSee \"TestByteBI.java\" for the source code.\r\nAnd you can test the poc by directly open the \"HelloApplet.html\" in a web\r\nbrowser.\r\n \r\n \r\n4. Tested on\r\nJRE 7 update 21 on Windows 7 Enterprise\n\n# 0day.today [2016-04-20] #", "published": "2013-09-03T00:00:00", "references": [], "reporter": "GuHe", "modified": "2013-09-03T00:00:00", "href": "http://0day.today/exploit/description/21191"}, "lastseen": "2016-04-20T01:38:51", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": ["CVE-2013-2470"], "sourceData": "# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow\r\n# Google Dork:\r\n# Date: 2013-09-03\r\n# Exploit Author: GuHe\r\n# Vendor Homepage: http://www.oracle.com/\r\n# Software Link:\r\nhttp://www.oracle.com/technetwork/java/javase/downloads/index.html\r\n# Version: 7u21 and eariler\r\n# Tested on: Windows 7\r\n# CVE : CVE-2013-2470\r\n \r\n \r\nCVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer\r\noverflow\r\n \r\n \r\n1. Affected Software\r\nJRE 7 update 21 and earlier\r\nJRE 6 update 45 and earlier\r\n \r\n \r\n2. Root cause analysis\r\n \r\nThe \"Java_sun_awt_image_ImagingLib_lookupByteBI\" performs byte lookup\r\noperation on two BufferedImage.\r\n \r\nIn the following code:\r\n \r\n /* Mlib needs 16bit lookuptable and must be signed! */\r\n if (src->type == MLIB_SHORT) {\r\n unsigned short *sdataP = (unsigned short *) src->data;\r\n unsigned short *sP;\r\n if (dst->type == MLIB_BYTE) {\r\n unsigned char *cdataP = (unsigned char *) dst->data;\r\n unsigned char *cP;\r\n if (nbands > 1) {\r\n retStatus = 0;\r\n }\r\n else {\r\n int x, y;\r\n for (y=0; y < src->height; y++) {\r\n cP = cdataP;\r\n sP = sdataP;\r\n for (x=0; x < src->width; x++) {\r\n *cP++ = table[0][*sP++];\r\n }\r\n \r\n /*\r\n * 4554571: increment pointers using the scanline stride\r\n * in pixel units (not byte units)\r\n */\r\n cdataP += dstImageP->raster.scanlineStride;\r\n sdataP += srcImageP->raster.scanlineStride;\r\n }\r\n }\r\n }\r\n /* How about ddata == null? */\r\n }\r\n \r\nIt tries to map data in src raster to the dst raster. The total bytes\r\nwritten to dst rater buffer is:\r\n(src->width) * (src->height). However, it does not correctly check the size\r\nof the dst buffer, if the size of the\r\ndst buffer is smaller than (src->width) * (src->height), it will be\r\noverflowed.\r\n \r\n \r\n3. Poc\r\nSee \"TestByteBI.java\" for the source code.\r\nAnd you can test the poc by directly open the \"HelloApplet.html\" in a web\r\nbrowser.\r\n \r\n \r\n4. Tested on\r\nJRE 7 update 21 on Windows 7 Enterprise\n\n# 0day.today [2018-01-26] #", "published": "2013-09-03T00:00:00", "references": [], "reporter": "GuHe", "modified": "2013-09-03T00:00:00", "href": "https://0day.today/exploit/description/21191"}
{"result": {"cve": [{"id": "CVE-2013-2470", "type": "cve", "title": "CVE-2013-2470", "description": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"ImagingLib byte lookup processing.\"", "published": "2013-06-18T18:55:02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2470", "cvelist": ["CVE-2013-2470"], "lastseen": "2018-01-05T12:21:18"}], "symantec": [{"id": "SMNTC-60651", "type": "symantec", "title": "Oracle Java SE CVE-2013-2470 Memory Corruption Vulnerability", "description": "### Description\n\nOracle Java SE is prone to a memory-corruption vulnerability in Java Runtime Environment. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. This vulnerability affects the following supported versions: 7 Update 21 , 6 Update 45 , 5.0 Update 45\n\n### Technologies Affected\n\n * Apple Mac OS X 10.6.8 \n * Apple Mac OS X 10.7 \n * Apple Mac OS X 10.7.1 \n * Apple Mac OS X 10.7.2 \n * Apple Mac OS X 10.7.3 \n * Apple Mac OS X 10.7.4 \n * Apple Mac OS X 10.7.5 \n * Apple Mac OS X 10.8 \n * Apple Mac OS X 10.8.1 \n * Apple Mac OS X 10.8.2 \n * Apple Mac OS X 10.8.3 \n * Apple Mac OS X 10.8.4 \n * Apple Mac OS X Server 10.6.8 \n * Apple Mac OS X Server 10.7 \n * Apple Mac OS X Server 10.7.1 \n * Apple Mac OS X Server 10.7.2 \n * Apple Mac OS X Server 10.7.3 \n * Apple Mac OS X Server 10.7.4 \n * Apple Mac OS X Server 10.7.5 \n * Avaya Aura Application Enablement Services 5.2 \n * Avaya Aura Application Enablement Services 5.2.1 \n * Avaya Aura Application Enablement Services 5.2.2 \n * Avaya Aura Application Enablement Services 5.2.3 \n * Avaya Aura Application Enablement Services 5.2.4 \n * Avaya Aura Application Enablement Services 6.1 \n * Avaya Aura Application Enablement Services 6.1.1 \n * Avaya Aura Application Enablement Services 6.1.2 \n * Avaya Aura Application Server 5300 SIP Core 2.0 \n * Avaya Aura Application Server 5300 SIP Core 3.0 \n * Avaya Aura Communication Manager Utility Services 6.0 \n * Avaya Aura Communication Manager Utility Services 6.1 \n * Avaya Aura Communication Manager Utility Services 6.2 \n * Avaya Aura Communication Manager Utility Services 6.3 \n * Avaya Aura Conferencing 6.0 SP1 Standard \n * Avaya Aura Conferencing 6.0 Standard \n * Avaya Aura Conferencing 7.0 \n * Avaya Aura Experience Portal 6.0 \n * Avaya Aura Experience Portal 6.0 SP1 \n * Avaya Aura Experience Portal 6.0 SP2 \n * Avaya Aura Experience Portal 6.0.1 \n * Avaya Aura Experience Portal 6.0.2 \n * Avaya Aura Messaging 6.0 \n * Avaya Aura Messaging 6.0.1 \n * Avaya Aura Messaging 6.1 \n * Avaya Aura Messaging 6.1.1 \n * Avaya Aura Messaging 6.2 \n * Avaya Aura Presence Services 6.0 \n * Avaya Aura Presence Services 6.1 \n * Avaya Aura Presence Services 6.1 SP1 \n * Avaya Aura Presence Services 6.1.1 \n * Avaya Aura Presence Services 6.1.2 \n * Avaya Aura SIP Enablement Services 5.2 \n * Avaya Aura SIP Enablement Services 5.2.1 \n * Avaya Aura Session Manager 5.2 \n * Avaya Aura Session Manager 5.2 SP1 \n * Avaya Aura Session Manager 5.2 SP2 \n * Avaya Aura Session Manager 5.2.1 \n * Avaya Aura Session Manager 6.0 \n * Avaya Aura Session Manager 6.0 SP1 \n * Avaya Aura Session Manager 6.0.1 \n * Avaya Aura Session Manager 6.1 \n * Avaya Aura Session Manager 6.1 SP1 \n * Avaya Aura Session Manager 6.1 SP2 \n * Avaya Aura Session Manager 6.1.1 \n * Avaya Aura Session Manager 6.1.2 \n * Avaya Aura Session Manager 6.1.3 \n * Avaya Aura Session Manager 6.1.5 \n * Avaya Aura Session Manager 6.2 \n * Avaya Aura Session Manager 6.2 SP1 \n * Avaya Aura Session Manager 6.2.1 \n * Avaya Aura Session Manager 6.2.2 \n * Avaya Aura Session Manager 6.3 \n * Avaya Aura System Manager 5.2 \n * Avaya Aura System Manager 6.0 \n * Avaya Aura System Manager 6.0 SP1 \n * Avaya Aura System Manager 6.1 \n * Avaya Aura System Manager 6.1 SP1 \n * Avaya Aura System Manager 6.1 SP2 \n * Avaya Aura System Manager 6.1.1 \n * Avaya Aura System Manager 6.1.2 \n * Avaya Aura System Manager 6.1.3 \n * Avaya Aura System Manager 6.1.5 \n * Avaya Aura System Manager 6.2 \n * Avaya Aura System Manager 6.2 SP3 \n * Avaya Aura System Manager 6.3 \n * Avaya Aura System Platform 1.0 \n * Avaya Aura System Platform 1.1 \n * Avaya Aura System Platform 6.0 \n * Avaya Aura System Platform 6.0.1 \n * Avaya Aura System Platform 6.0.2 \n * Avaya Aura System Platform 6.0.3.0.3 \n * Avaya Aura System Platform 6.0.3.8.3 \n * Avaya Aura System Platform 6.0.3.9.3 \n * Avaya Aura System Platform 6.2 \n * Avaya Aura System Platform 6.2.1 \n * Avaya Aura System Platform 6.3 \n * Avaya CMS R16 \n * Avaya CMS R16.3 \n * Avaya CMS r15 \n * Avaya CMS r17 \n * Avaya Call Management System R17.0 \n * Avaya Communication Server 1000E 6.0 \n * Avaya Communication Server 1000E 7.0 \n * Avaya Communication Server 1000E 7.5 \n * Avaya Communication Server 1000E Signaling Server 6.0 \n * Avaya Communication Server 1000E Signaling Server 7.0 \n * Avaya Communication Server 1000E Signaling Server 7.5 \n * Avaya Communication Server 1000M 6.0 \n * Avaya Communication Server 1000M 7.0 \n * Avaya Communication Server 1000M 7.5 \n * Avaya Communication Server 1000M Signaling Server 6.0 \n * Avaya Communication Server 1000M Signaling Server 7.0 \n * Avaya Communication Server 1000M Signaling Server 7.5 \n * Avaya Conferencing Standard Edition 6.0 \n * Avaya Conferencing Standard Edition 6.0.1 \n * Avaya IP Office Application Server 8.0 \n * Avaya IP Office Application Server 8.1 \n * Avaya IR 4.0 \n * Avaya Meeting Exchange 5.0 \n * Avaya Meeting Exchange 5.1 \n * Avaya Meeting Exchange 5.2 \n * Avaya Meeting Exchange 6.0 \n * Avaya Meeting Exchange 6.2 \n * Avaya Message Networking 6.2.0 \n * Avaya Messaging Application Server 5.2.1 \n * Avaya Messaging Message Storage Server 5.2.1 \n * Avaya Proactive Contact 5.0 \n * Avaya Proactive Contact 5.1 \n * Avaya Voice Portal 5.0 \n * Avaya Voice Portal 5.0 SP1 \n * Avaya Voice Portal 5.0 SP2 \n * Avaya Voice Portal 5.1 \n * Avaya Voice Portal 5.1 SP1 \n * Avaya Voice Portal 5.1 SP3 \n * Avaya Voice Portal 5.1 Sp2 \n * Avaya Voice Portal 5.1.1 \n * Avaya Voice Portal 5.1.2 \n * Avaya Voice Portal 5.1.3 \n * Avaya one-X Client Enablement Services 6.0 \n * Avaya one-X Client Enablement Services 6.1 \n * Avaya one-X Client Enablement Services 6.2 \n * CentOS CentOS 5 \n * CentOS CentOS 6 \n * Debian Linux 6.0 amd64 \n * Debian Linux 6.0 arm \n * Debian Linux 6.0 ia-32 \n * Debian Linux 6.0 ia-64 \n * Debian Linux 6.0 mips \n * Debian Linux 6.0 powerpc \n * Debian Linux 6.0 s/390 \n * Debian Linux 6.0 sparc \n * Fedoraproject Fedora 17 \n * Fedoraproject Fedora 18 \n * Fedoraproject Fedora 19 \n * Gentoo Linux \n * HP HP-UX B.11.11 \n * HP HP-UX B.11.31 \n * Hitachi Cosminexus 7.0 \n * Hitachi Cosminexus 8.0 \n * Hitachi Cosminexus 9.0 \n * Hitachi Cosminexus Application Server 5.0 \n * Hitachi Cosminexus Application Server 6.0 \n * Hitachi Cosminexus Client 6 \n * Hitachi Cosminexus Developer 5 \n * Hitachi Cosminexus Developer 6.0 \n * Hitachi Cosminexus Server - Standard Edition 4 \n * Hitachi Cosminexus Server - Web Edition 4 \n * Hitachi Cosminexus Studio 4.0 \n * Hitachi Cosminexus Studio 5 \n * Hitachi uCosminexus Application Server 09-00 \n * Hitachi uCosminexus Client 8 \n * Hitachi uCosminexus Developer 09-00 (Linux) \n * Hitachi uCosminexus Operator 8 \n * Hitachi uCosminexus Service Architect 8 \n * Hitachi uCosminexus Service Platform 8 \n * IBM CICS Transaction Gateway 7.1 \n * IBM CICS Transaction Gateway 7.2 \n * IBM CICS Transaction Gateway 8.0 \n * IBM CICS Transaction Gateway 8.1 \n * IBM CICS Transaction Gateway 9.0 \n * IBM Cloudburst 1.2 \n * IBM Cloudburst 2.1 \n * IBM Cloudburst 2.1.1 \n * IBM Flex System Manager Types 7955 1.1.0 \n * IBM Flex System Manager Types 7955 1.3.0 \n * IBM Flex System Manager Types 8731 1.1.0 \n * IBM Flex System Manager Types 8731 1.3.0 \n * IBM Flex System Manager Types 8734 1.1.0 \n * IBM Flex System Manager Types 8734 1.3.0 \n * IBM Integration Bus 9.0.0.0 \n * IBM Java SDK 1.4.2 \n * IBM Java SDK 1.4.2 SR13-FP17 \n * IBM Java SDK 5 \n * IBM Java SDK 5.0 SR16-FP2 \n * IBM Java SDK 6 \n * IBM Java SDK 6 SR13-FP2 \n * IBM Java SDK 6.0.1 SR5-FP2 \n * IBM Java SDK 7 \n * IBM Java SDK 7 SR4-FP2 \n * IBM Java SE 1.4.2 \n * IBM Java SE 5.0 \n * IBM Java SE 6 \n * IBM Java SE 7 \n * IBM Lotus Domino 8.0 \n * IBM Lotus Domino 8.0.1 \n * IBM Lotus Domino 8.0.2 \n * IBM Lotus Domino 8.0.2.1 \n * IBM Lotus Domino 8.0.2.2 \n * IBM Lotus Domino 8.0.2.3 \n * IBM Lotus Domino 8.0.2.4 \n * IBM Lotus Domino 8.5.0 \n * IBM Lotus Domino 8.5.0.1 \n * IBM Lotus Domino 8.5.1 \n * IBM Lotus Domino 8.5.1.1 \n * IBM Lotus Domino 8.5.2 \n * IBM Lotus Domino 8.5.3 \n * IBM Lotus Domino 8.5.4 \n * IBM Lotus Domino 9.0 \n * IBM Lotus Notes 8.0 \n * IBM Lotus Notes 8.0.1 \n * IBM Lotus Notes 8.0.2 \n * IBM Lotus Notes 8.0.2.1 \n * IBM Lotus Notes 8.0.2.2 \n * IBM Lotus Notes 8.0.2.3 \n * IBM Lotus Notes 8.0.2.4 \n * IBM Lotus Notes 8.0.2.5 \n * IBM Lotus Notes 8.0.2.6 \n * IBM Lotus Notes 8.5 \n * IBM Lotus Notes 8.5.0.1 \n * IBM Lotus Notes 8.5.1 \n * IBM Lotus Notes 8.5.1.2 \n * IBM Lotus Notes 8.5.1.3 \n * IBM Lotus Notes 8.5.1.4 \n * IBM Lotus Notes 8.5.1.5 \n * IBM Lotus Notes 8.5.2 \n * IBM Lotus Notes 8.5.2.1 \n * IBM Lotus Notes 8.5.2.2 \n * IBM Lotus Notes 8.5.2.3 \n * IBM Lotus Notes 8.5.3 \n * IBM Lotus Notes 9.0 \n * IBM Maximo Asset Management 6.2 \n * IBM Maximo Asset Management 6.2.1 \n * IBM Maximo Asset Management 6.2.2 \n * IBM Maximo Asset Management 6.2.3 \n * IBM Maximo Asset Management 6.2.4 \n * IBM Maximo Asset Management 6.2.5 \n * IBM Maximo Asset Management 6.2.6 \n * IBM Maximo Asset Management 6.2.7 \n * IBM Maximo Asset Management 6.2.8 \n * IBM Maximo Asset Management 7.1.1 \n * IBM Maximo Asset Management 7.2 \n * IBM Maximo Asset Management 7.2.1 \n * IBM Maximo Asset Management 7.5 \n * IBM OS/400 V5R4M0 \n * IBM OS/400 V6R1M0 \n * IBM Operational Decision Manager 8.0 \n * IBM Operational Decision Manager 8.5 \n * IBM Service Delivery Manager 7.2.1 \n * IBM Service Delivery Manager 7.2.2 \n * IBM Service Delivery Manager 7.2.4 \n * IBM Smart Analytics System 5600 9.7 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.0 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.1 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.2 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.3 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.4 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.1.5 \n * IBM Tivoli Application Dependency Discovery Manager 7.2.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.1.0.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.1 \n * IBM Tivoli Composite Application Manager for Transactions 7.2.0.2 \n * IBM Tivoli Composite Application Manager for Transactions 7.3.0 \n * IBM Tivoli Composite Application Manager for Transactions 7.3.0.1 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2 \n * IBM Tivoli Endpoint Manager for Remote Control 8.2.1 \n * IBM Tivoli Monitoring 6.2.0 \n * IBM Tivoli Monitoring 6.2.0 Fix Pack 03 \n * IBM Tivoli Monitoring 6.2.1 \n * IBM Tivoli Monitoring 6.2.1 Fix Pack 04 \n * IBM Tivoli Monitoring 6.2.2 \n * IBM Tivoli Monitoring 6.2.2 FP6 \n * IBM Tivoli Monitoring 6.2.2 FixPack 4 \n * IBM Tivoli Monitoring 6.2.2.9 \n * IBM Tivoli Monitoring 6.2.3 \n * IBM Tivoli Monitoring 6.2.3 Fix Pack 3 \n * IBM Tivoli Monitoring 6.2.3.1 \n * IBM Tivoli Monitoring 6.2.3.2 \n * IBM Tivoli Monitoring 6.3.0 \n * IBM Tivoli Monitoring 6.3.0.1 \n * IBM Tivoli Provisioning Manager 7.1.1 \n * IBM Tivoli System Automation for Integrated Operations Management 2.1 \n * IBM Tivoli System Automation for Integrated Operations Management 2.1.1 \n * IBM Virtualization Engine TS7700 \n * IBM WebSphere ILOG JRules 7.1 \n * IBM WebSphere Message Broker 6.1 \n * IBM WebSphere Operational Decision Management 7.5.0.0 \n * IBM WebSphere Real Time 2.0 \n * IBM WebSphere Real Time 3 SR4-FP2 \n * IBM i 6.1 \n * IBM i 7.1 \n * IBM i V5R4 \n * Mandriva Business Server 1 \n * Mandriva Business Server 1 X86 64 \n * Oracle Enterprise Linux 5 \n * Oracle Enterprise Linux 6 \n * Oracle Enterprise Linux 6.2 \n * Oracle JDK (Linux Production Release) 1.5.0_36 \n * Oracle JDK (Linux Production Release) 1.5.0_38 \n * Oracle JDK (Linux Production Release) 1.5.0_39 \n * Oracle JDK (Linux Production Release) 1.6.0_22 \n * Oracle JDK (Linux Production Release) 1.6.0_23 \n * Oracle JDK (Linux Production Release) 1.6.0_24 \n * Oracle JDK (Linux Production Release) 1.6.0_25 \n * Oracle JDK (Linux Production Release) 1.6.0_26 \n * Oracle JDK (Linux Production Release) 1.6.0_27 \n * Oracle JDK (Linux Production Release) 1.6.0_28 \n * Oracle JDK (Linux Production Release) 1.6.0_30 \n * Oracle JDK (Linux Production Release) 1.6.0_32 \n * Oracle JDK (Linux Production Release) 1.6.0_35 \n * Oracle JDK (Linux Production Release) 1.6.0_38 \n * Oracle JDK (Linux Production Release) 1.6.0_39 \n * Oracle JDK (Linux Production Release) 1.7.0 \n * Oracle JDK (Linux Production Release) 1.7.0_12 \n * Oracle JDK (Linux Production Release) 1.7.0_13 \n * Oracle JDK (Linux Production Release) 1.7.0_2 \n * Oracle JDK (Linux Production Release) 1.7.0_4 \n * Oracle JDK (Linux Production Release) 1.7.0_7 \n * Oracle JDK (Solaris Production Release) 1.5.0_36 \n * Oracle JDK (Solaris Production Release) 1.5.0_38 \n * Oracle JDK (Solaris Production Release) 1.6.0_22 \n * Oracle JDK (Solaris Production Release) 1.6.0_23 \n * Oracle JDK (Solaris Production Release) 1.6.0_24 \n * Oracle JDK (Solaris Production Release) 1.6.0_25 \n * Oracle JDK (Solaris Production Release) 1.6.0_26 \n * Oracle JDK (Solaris Production Release) 1.6.0_27 \n * Oracle JDK (Solaris Production Release) 1.6.0_28 \n * Oracle JDK (Solaris Production Release) 1.6.0_30 \n * Oracle JDK (Solaris Production Release) 1.6.0_32 \n * Oracle JDK (Solaris Production Release) 1.6.0_35 \n * Oracle JDK (Solaris Production Release) 1.6.0_37 \n * Oracle JDK (Solaris Production Release) 1.6.0_38 \n * Oracle JDK (Solaris Production Release) 1.7.0 \n * Oracle JDK (Solaris Production Release) 1.7.0_10 \n * Oracle JDK (Solaris Production Release) 1.7.0_11 \n * Oracle JDK (Solaris Production Release) 1.7.0_2 \n * Oracle JDK (Solaris Production Release) 1.7.0_4 \n * Oracle JDK (Solaris Production Release) 1.7.0_7 \n * Oracle JDK (Windows Production Release) 1.5.0_36 \n * Oracle JDK (Windows Production Release) 1.5.0_38 \n * Oracle JDK (Windows Production Release) 1.6.0_22 \n * Oracle JDK (Windows Production Release) 1.6.0_23 \n * Oracle JDK (Windows Production Release) 1.6.0_24 \n * Oracle JDK (Windows Production Release) 1.6.0_25 \n * Oracle JDK (Windows Production Release) 1.6.0_26 \n * Oracle JDK (Windows Production Release) 1.6.0_27 \n * Oracle JDK (Windows Production Release) 1.6.0_28 \n * Oracle JDK (Windows Production Release) 1.6.0_30 \n * Oracle JDK (Windows Production Release) 1.6.0_32 \n * Oracle JDK (Windows Production Release) 1.6.0_35 \n * Oracle JDK (Windows Production Release) 1.6.0_37 \n * Oracle JDK (Windows Production Release) 1.6.0_38 \n * Oracle JDK (Windows Production Release) 1.7.0 \n * Oracle JDK (Windows Production Release) 1.7.0_2 \n * Oracle JDK (Windows Production Release) 1.7.0_4 \n * Oracle JDK (Windows Production Release) 1.7.0_7 \n * Oracle JDK(Linux Production Release) 1.5.0_41 \n * Oracle JDK(Linux Production Release) 1.5.0_45 \n * Oracle JDK(Linux Production Release) 1.6.0_37 \n * Oracle JDK(Linux Production Release) 1.6.0_43 \n * Oracle JDK(Linux Production Release) 1.6.0_45 \n * Oracle JDK(Linux Production Release) 1.7.0_10 \n * Oracle JDK(Linux Production Release) 1.7.0_11 \n * Oracle JDK(Linux Production Release) 1.7.0_17 \n * Oracle JDK(Linux Production Release) 1.7.0_21 \n * Oracle JDK(Linux Production Release) 1.7.0_8 \n * Oracle JDK(Linux Production Release) 1.7.0_9 \n * Oracle JDK(Solaris Production Release) 1.5.0_39 \n * Oracle JDK(Solaris Production Release) 1.5.0_41 \n * Oracle JDK(Solaris Production Release) 1.5.0_45 \n * Oracle JDK(Solaris Production Release) 1.6.0_39 \n * Oracle JDK(Solaris Production Release) 1.6.0_43 \n * Oracle JDK(Solaris Production Release) 1.6.0_45 \n * Oracle JDK(Solaris Production Release) 1.7.0_12 \n * Oracle JDK(Solaris Production Release) 1.7.0_13 \n * Oracle JDK(Solaris Production Release) 1.7.0_21 \n * Oracle JDK(Solaris Production Release) 1.7.0_8 \n * Oracle JDK(Solaris Production Release) 1.7.0_9 \n * Oracle JDK(Windows Production Release) 1.5.0_39 \n * Oracle JDK(Windows Production Release) 1.5.0_45 \n * Oracle JDK(Windows Production Release) 1.6.0_39 \n * Oracle JDK(Windows Production Release) 1.6.0_43 \n * Oracle JDK(Windows Production Release) 1.6.0_45 \n * Oracle JDK(Windows Production Release) 1.7.0_10 \n * Oracle JDK(Windows Production Release) 1.7.0_11 \n * Oracle JDK(Windows Production Release) 1.7.0_12 \n * Oracle JDK(Windows Production Release) 1.7.0_13 \n * Oracle JDK(Windows Production Release) 1.7.0_17 \n * Oracle JDK(Windows Production Release) 1.7.0_21 \n * Oracle JDK(Windows Production Release) 1.7.0_8 \n * Oracle JDK(Windows Production Release) 1.7.0_9 \n * Oracle JRE (Linux Production Release) 1.5.0_36 \n * Oracle JRE (Linux Production Release) 1.5.0_38 \n * Oracle JRE (Linux Production Release) 1.5.0_39 \n * Oracle JRE (Linux Production Release) 1.6.0_22 \n * Oracle JRE (Linux Production Release) 1.6.0_23 \n * Oracle JRE (Linux Production Release) 1.6.0_24 \n * Oracle JRE (Linux Production Release) 1.6.0_25 \n * Oracle JRE (Linux Production Release) 1.6.0_26 \n * Oracle JRE (Linux Production Release) 1.6.0_27 \n * Oracle JRE (Linux Production Release) 1.6.0_28 \n * Oracle JRE (Linux Production Release) 1.6.0_30 \n * Oracle JRE (Linux Production Release) 1.6.0_32 \n * Oracle JRE (Linux Production Release) 1.6.0_35 \n * Oracle JRE (Linux Production Release) 1.6.0_39 \n * Oracle JRE (Linux Production Release) 1.7.0_12 \n * Oracle JRE (Linux Production Release) 1.7.0_13 \n * Oracle JRE (Linux Production Release) 1.7.0_2 \n * Oracle JRE (Linux Production Release) 1.7.0_21 \n * Oracle JRE (Linux Production Release) 1.7.0_4 \n * Oracle JRE (Linux Production Release) 1.7.0_7 \n * Oracle JRE (Solaris Production Release) 1.5.0_36 \n * Oracle JRE (Solaris Production Release) 1.5.0_38 \n * Oracle JRE (Solaris Production Release) 1.6.0_22 \n * Oracle JRE (Solaris Production Release) 1.6.0_23 \n * Oracle JRE (Solaris Production Release) 1.6.0_24 \n * Oracle JRE (Solaris Production Release) 1.6.0_25 \n * Oracle JRE (Solaris Production Release) 1.6.0_26 \n * Oracle JRE (Solaris Production Release) 1.6.0_27 \n * Oracle JRE (Solaris Production Release) 1.6.0_28 \n * Oracle JRE (Solaris Production Release) 1.6.0_30 \n * Oracle JRE (Solaris Production Release) 1.6.0_32 \n * Oracle JRE (Solaris Production Release) 1.6.0_35 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.5.0_36 \n * Oracle JRE (Windows Production Release) 1.5.0_38 \n * Oracle JRE (Windows Production Release) 1.5.0_45 \n * Oracle JRE (Windows Production Release) 1.6.0_22 \n * Oracle JRE (Windows Production Release) 1.6.0_23 \n * Oracle JRE (Windows Production Release) 1.6.0_24 \n * Oracle JRE (Windows Production Release) 1.6.0_25 \n * Oracle JRE (Windows Production Release) 1.6.0_26 \n * Oracle JRE (Windows Production Release) 1.6.0_27 \n * Oracle JRE (Windows Production Release) 1.6.0_28 \n * Oracle JRE (Windows Production Release) 1.6.0_30 \n * Oracle JRE (Windows Production Release) 1.6.0_32 \n * Oracle JRE (Windows Production Release) 1.6.0_35 \n * Oracle JRE (Windows Production Release) 1.6.0_45 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_21 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE(Linux Production Release) 1.5.0_41 \n * Oracle JRE(Linux Production Release) 1.5.0_45 \n * Oracle JRE(Linux Production Release) 1.6.0_38 \n * Oracle JRE(Linux Production Release) 1.6.0_43 \n * Oracle JRE(Linux Production Release) 1.6.0_45 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_17 \n * Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.5.0_39 \n * Oracle JRE(Solaris Production Release) 1.5.0_41 \n * Oracle JRE(Solaris Production Release) 1.6.0_38 \n * Oracle JRE(Solaris Production Release) 1.6.0_39 \n * Oracle JRE(Solaris Production Release) 1.6.0_43 \n * Oracle JRE(Solaris Production Release) 1.6.0_45 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_17 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.5.0_39 \n * Oracle JRE(Windows Production Release) 1.5.0_41 \n * Oracle JRE(Windows Production Release) 1.6.0_38 \n * Oracle JRE(Windows Production Release) 1.6.0_39 \n * Oracle JRE(Windows Production Release) 1.6.0_43 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_17 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Optional 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Optional 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server AUS 6.5 \n * Redhat Enterprise Linux Server EUS 6.5.z \n * Redhat Enterprise Linux Server Optional 6 \n * Redhat Enterprise Linux Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Optional 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * Redhat Network Satellite (for RHEL 5) 5.5 \n * Redhat Network Satellite (for RHEL 6) 5.5 \n * Schneider-Electric Trio TView Software 3.27.0 \n * SuSE CORE 9 \n * SuSE SUSE CORE 9 for x86 \n * SuSE SUSE Linux Enterprise Java 10 SP4 \n * SuSE SUSE Linux Enterprise Java 11 SP3 \n * SuSE SUSE Linux Enterprise Server 10 SP3 LTSS \n * SuSE SUSE Linux Enterprise Server 10 SP4 \n * SuSE SUSE Linux Enterprise Server 11 SP3 \n * SuSE SUSE Linux Enterprise Server 11 SP3 for VMware \n * SuSE SUSE Linux Enterprise Software Development Kit 11 SP3 \n * SuSE Suse Linux Enterprise Desktop 10 SP4 \n * SuSE Suse Linux Enterprise Desktop 11 SP2 \n * SuSE Suse Linux Enterprise Desktop 11 SP3 \n * SuSE openSUSE 11.4 \n * Sun JDK (Linux Production Release) 1.5.0 07 \n * Sun JDK (Linux Production Release) 1.5.0 22 \n * Sun JDK (Linux Production Release) 1.5.0 .0 05 \n * Sun JDK (Linux Production Release) 1.5.0 0 10 \n * Sun JDK (Linux Production Release) 1.5.0 01 \n * Sun JDK (Linux Production Release) 1.5.0 02 \n * Sun JDK (Linux Production Release) 1.5.0 06 \n * Sun JDK (Linux Production Release) 1.5.0 07-B03 \n * Sun JDK (Linux Production Release) 1.5.0 11-B03 \n * Sun JDK (Linux Production Release) 1.5.0 13 \n * Sun JDK (Linux Production Release) 1.5.0 14 \n * Sun JDK (Linux Production Release) 1.5.0 15 \n * Sun JDK (Linux Production Release) 1.5.0 16 \n * Sun JDK (Linux Production Release) 1.5.0 17 \n * Sun JDK (Linux Production Release) 1.5.0 18 \n * Sun JDK (Linux Production Release) 1.5.0 20 \n * Sun JDK (Linux Production Release) 1.5.0 23 \n * Sun JDK (Linux Production Release) 1.5.0 24 \n * Sun JDK (Linux Production Release) 1.5.0 \n * Sun JDK (Linux Production Release) 1.5.0.0 03 \n * Sun JDK (Linux Production Release) 1.5.0.0 04 \n * Sun JDK (Linux Production Release) 1.5.0.0 08 \n * Sun JDK (Linux Production Release) 1.5.0.0 09 \n * Sun JDK (Linux Production Release) 1.5.0.0 11 \n * Sun JDK (Linux Production Release) 1.5.0.0 12 \n * Sun JDK (Linux Production Release) 1.5.0_25 \n * Sun JDK (Linux Production Release) 1.5.0_26 \n * Sun JDK (Linux Production Release) 1.5.0_27 \n * Sun JDK (Linux Production Release) 1.5.0_28 \n * Sun JDK (Linux Production Release) 1.5.0_29 \n * Sun JDK (Linux Production Release) 1.5.0_30 \n * Sun JDK (Linux Production Release) 1.5.0_31 \n * Sun JDK (Linux Production Release) 1.5.0_32 \n * Sun JDK (Linux Production Release) 1.5.0_33 \n * Sun JDK (Linux Production Release) 1.5.0_35 \n * Sun JDK (Linux Production Release) 1.6.0 17 \n * Sun JDK (Linux Production Release) 1.6.0 01 \n * Sun JDK (Linux Production Release) 1.6.0 01-B06 \n * Sun JDK (Linux Production Release) 1.6.0 02 \n * Sun JDK (Linux Production Release) 1.6.0 03 \n * Sun JDK (Linux Production Release) 1.6.0 04 \n * Sun JDK (Linux Production Release) 1.6.0 05 \n * Sun JDK (Linux Production Release) 1.6.0 06 \n * Sun JDK (Linux Production Release) 1.6.0 07 \n * Sun JDK (Linux Production Release) 1.6.0 10 \n * Sun JDK (Linux Production Release) 1.6.0 11 \n * Sun JDK (Linux Production Release) 1.6.0 13 \n * Sun JDK (Linux Production Release) 1.6.0 14 \n * Sun JDK (Linux Production Release) 1.6.0 15 \n * Sun JDK (Linux Production Release) 1.6.0 18 \n * Sun JDK (Linux Production Release) 1.6.0 19 \n * Sun JDK (Linux Production Release) 1.6.0 20 \n * Sun JDK (Linux Production Release) 1.6.0 \n * Sun JDK (Linux Production Release) 1.6.0_21 \n * Sun JDK (Solaris Production Release) 1.5.0 22 \n * Sun JDK (Solaris Production Release) 1.5.0 .0 03 \n * Sun JDK (Solaris Production Release) 1.5.0 .0 04 \n * Sun JDK (Solaris Production Release) 1.5.0 .0 05 \n * Sun JDK (Solaris Production Release) 1.5.0 0 03 \n * Sun JDK (Solaris Production Release) 1.5.0 0 09 \n * Sun JDK (Solaris Production Release) 1.5.0 0 10 \n * Sun JDK (Solaris Production Release) 1.5.0 01 \n * Sun JDK (Solaris Production Release) 1.5.0 02 \n * Sun JDK (Solaris Production Release) 1.5.0 06 \n * Sun JDK (Solaris Production Release) 1.5.0 07-B03 \n * Sun JDK (Solaris Production Release) 1.5.0 11 \n * Sun JDK (Solaris Production Release) 1.5.0 11-B03 \n * Sun JDK (Solaris Production Release) 1.5.0 12 \n * Sun JDK (Solaris Production Release) 1.5.0 13 \n * Sun JDK (Solaris Production Release) 1.5.0 14 \n * Sun JDK (Solaris Production Release) 1.5.0 15 \n * Sun JDK (Solaris Production Release) 1.5.0 16 \n * Sun JDK (Solaris Production Release) 1.5.0 17 \n * Sun JDK (Solaris Production Release) 1.5.0 18 \n * Sun JDK (Solaris Production Release) 1.5.0 20 \n * Sun JDK (Solaris Production Release) 1.5.0 23 \n * Sun JDK (Solaris Production Release) 1.5.0 24 \n * Sun JDK (Solaris Production Release) 1.5.0_25 \n * Sun JDK (Solaris Production Release) 1.5.0_26 \n * Sun JDK (Solaris Production Release) 1.5.0_27 \n * Sun JDK (Solaris Production Release) 1.5.0_28 \n * Sun JDK (Solaris Production Release) 1.5.0_29 \n * Sun JDK (Solaris Production Release) 1.5.0_30 \n * Sun JDK (Solaris Production Release) 1.5.0_31 \n * Sun JDK (Solaris Production Release) 1.5.0_32 \n * Sun JDK (Solaris Production Release) 1.5.0_33 \n * Sun JDK (Solaris Production Release) 1.5.0_35 \n * Sun JDK (Solaris Production Release) 1.6.0 17 \n * Sun JDK (Solaris Production Release) 1.6.0 01 \n * Sun JDK (Solaris Production Release) 1.6.0 01-B06 \n * Sun JDK (Solaris Production Release) 1.6.0 02 \n * Sun JDK (Solaris Production Release) 1.6.0 03 \n * Sun JDK (Solaris Production Release) 1.6.0 04 \n * Sun JDK (Solaris Production Release) 1.6.0 05 \n * Sun JDK (Solaris Production Release) 1.6.0 06 \n * Sun JDK (Solaris Production Release) 1.6.0 07 \n * Sun JDK (Solaris Production Release) 1.6.0 10 \n * Sun JDK (Solaris Production Release) 1.6.0 11 \n * Sun JDK (Solaris Production Release) 1.6.0 13 \n * Sun JDK (Solaris Production Release) 1.6.0 14 \n * Sun JDK (Solaris Production Release) 1.6.0 15 \n * Sun JDK (Solaris Production Release) 1.6.0 18 \n * Sun JDK (Solaris Production Release) 1.6.0 19 \n * Sun JDK (Solaris Production Release) 1.6.0 20 \n * Sun JDK (Solaris Production Release) 1.6.0 \n * Sun JDK (Solaris Production Release) 1.6.0_21 \n * Sun JDK (Windows Production Release) 1.5.0 .0 03 \n * Sun JDK (Windows Production Release) 1.5.0 .0 04 \n * Sun JDK (Windows Production Release) 1.5.0 .0 05 \n * Sun JDK (Windows Production Release) 1.5.0 0 10 \n * Sun JDK (Windows Production Release) 1.5.0 01 \n * Sun JDK (Windows Production Release) 1.5.0 02 \n * Sun JDK (Windows Production Release) 1.5.0 07-B03 \n * Sun JDK (Windows Production Release) 1.5.0 11-B03 \n * Sun JDK (Windows Production Release) 1.5.0 12 \n * Sun JDK (Windows Production Release) 1.5.0 13 \n * Sun JDK (Windows Production Release) 1.5.0 14 \n * Sun JDK (Windows Production Release) 1.5.0 15 \n * Sun JDK (Windows Production Release) 1.5.0 16 \n * Sun JDK (Windows Production Release) 1.5.0 17 \n * Sun JDK (Windows Production Release) 1.5.0 18 \n * Sun JDK (Windows Production Release) 1.5.0 20 \n * Sun JDK (Windows Production Release) 1.5.0 22 \n * Sun JDK (Windows Production Release) 1.5.0 23 \n * Sun JDK (Windows Production Release) 1.5.0 24 \n * Sun JDK (Windows Production Release) 1.5.0.0 06 \n * Sun JDK (Windows Production Release) 1.5.0.0 08 \n * Sun JDK (Windows Production Release) 1.5.0.0 09 \n * Sun JDK (Windows Production Release) 1.5.0.0 11 \n * Sun JDK (Windows Production Release) 1.5.0.0 12 \n * Sun JDK (Windows Production Release) 1.5.0_25 \n * Sun JDK (Windows Production Release) 1.5.0_26 \n * Sun JDK (Windows Production Release) 1.5.0_27 \n * Sun JDK (Windows Production Release) 1.5.0_28 \n * Sun JDK (Windows Production Release) 1.5.0_29 \n * Sun JDK (Windows Production Release) 1.5.0_30 \n * Sun JDK (Windows Production Release) 1.5.0_31 \n * Sun JDK (Windows Production Release) 1.5.0_32 \n * Sun JDK (Windows Production Release) 1.5.0_33 \n * Sun JDK (Windows Production Release) 1.5.0_35 \n * Sun JDK (Windows Production Release) 1.6.0 17 \n * Sun JDK (Windows Production Release) 1.6.0 01 \n * Sun JDK (Windows Production Release) 1.6.0 01-B06 \n * Sun JDK (Windows Production Release) 1.6.0 02 \n * Sun JDK (Windows Production Release) 1.6.0 03 \n * Sun JDK (Windows Production Release) 1.6.0 04 \n * Sun JDK (Windows Production Release) 1.6.0 05 \n * Sun JDK (Windows Production Release) 1.6.0 06 \n * Sun JDK (Windows Production Release) 1.6.0 07 \n * Sun JDK (Windows Production Release) 1.6.0 10 \n * Sun JDK (Windows Production Release) 1.6.0 11 \n * Sun JDK (Windows Production Release) 1.6.0 13 \n * Sun JDK (Windows Production Release) 1.6.0 14 \n * Sun JDK (Windows Production Release) 1.6.0 15 \n * Sun JDK (Windows Production Release) 1.6.0 18 \n * Sun JDK (Windows Production Release) 1.6.0 19 \n * Sun JDK (Windows Production Release) 1.6.0 20 \n * Sun JDK (Windows Production Release) 1.6.0 \n * Sun JDK (Windows Production Release) 1.6.0_21 \n * Sun JRE (Linux Production Release) 1.5.0 22 \n * Sun JRE (Linux Production Release) 1.5.0 .0 Beta \n * Sun JRE (Linux Production Release) 1.5.0 01 \n * Sun JRE (Linux Production Release) 1.5.0 02 \n * Sun JRE (Linux Production Release) 1.5.0 03 \n * Sun JRE (Linux Production Release) 1.5.0 04 \n * Sun JRE (Linux Production Release) 1.5.0 05 \n * Sun JRE (Linux Production Release) 1.5.0 06 \n * Sun JRE (Linux Production Release) 1.5.0 07 \n * Sun JRE (Linux Production Release) 1.5.0 08 \n * Sun JRE (Linux Production Release) 1.5.0 09 \n * Sun JRE (Linux Production Release) 1.5.0 10 \n * Sun JRE (Linux Production Release) 1.5.0 11 \n * Sun JRE (Linux Production Release) 1.5.0 12 \n * Sun JRE (Linux Production Release) 1.5.0 13 \n * Sun JRE (Linux Production Release) 1.5.0 14 \n * Sun JRE (Linux Production Release) 1.5.0 15 \n * Sun JRE (Linux Production Release) 1.5.0 16 \n * Sun JRE (Linux Production Release) 1.5.0 17 \n * Sun JRE (Linux Production Release) 1.5.0 18 \n * Sun JRE (Linux Production Release) 1.5.0 20 \n * Sun JRE (Linux Production Release) 1.5.0 23 \n * Sun JRE (Linux Production Release) 1.5.0 \n * Sun JRE (Linux Production Release) 1.5.0_25 \n * Sun JRE (Linux Production Release) 1.5.0_26 \n * Sun JRE (Linux Production Release) 1.5.0_27 \n * Sun JRE (Linux Production Release) 1.5.0_28 \n * Sun JRE (Linux Production Release) 1.5.0_29 \n * Sun JRE (Linux Production Release) 1.5.0_30 \n * Sun JRE (Linux Production Release) 1.5.0_31 \n * Sun JRE (Linux Production Release) 1.5.0_32 \n * Sun JRE (Linux Production Release) 1.5.0_33 \n * Sun JRE (Linux Production Release) 1.5.0_35 \n * Sun JRE (Linux Production Release) 1.6.0 17 \n * Sun JRE (Linux Production Release) 1.6.0 01 \n * Sun JRE (Linux Production Release) 1.6.0 02 \n * Sun JRE (Linux Production Release) 1.6.0 03 \n * Sun JRE (Linux Production Release) 1.6.0 04 \n * Sun JRE (Linux Production Release) 1.6.0 05 \n * Sun JRE (Linux Production Release) 1.6.0 06 \n * Sun JRE (Linux Production Release) 1.6.0 07 \n * Sun JRE (Linux Production Release) 1.6.0 10 \n * Sun JRE (Linux Production Release) 1.6.0 11 \n * Sun JRE (Linux Production Release) 1.6.0 12 \n * Sun JRE (Linux Production Release) 1.6.0 13 \n * Sun JRE (Linux Production Release) 1.6.0 14 \n * Sun JRE (Linux Production Release) 1.6.0 15 \n * Sun JRE (Linux Production Release) 1.6.0 18 \n * Sun JRE (Linux Production Release) 1.6.0 19 \n * Sun JRE (Linux Production Release) 1.6.0 20 \n * Sun JRE (Linux Production Release) 1.6.0 \n * Sun JRE (Linux Production Release) 1.6.0_21 \n * Sun JRE (Linux Production Release) 1.7 \n * Sun JRE (Solaris Production Release) 1.5.0 01 \n * Sun JRE (Solaris Production Release) 1.5.0 22 \n * Sun JRE (Solaris Production Release) 1.5.0 02 \n * Sun JRE (Solaris Production Release) 1.5.0 03 \n * Sun JRE (Solaris Production Release) 1.5.0 04 \n * Sun JRE (Solaris Production Release) 1.5.0 05 \n * Sun JRE (Solaris Production Release) 1.5.0 06 \n * Sun JRE (Solaris Production Release) 1.5.0 10 \n * Sun JRE (Solaris Production Release) 1.5.0 11 \n * Sun JRE (Solaris Production Release) 1.5.0 12 \n * Sun JRE (Solaris Production Release) 1.5.0 13 \n * Sun JRE (Solaris Production Release) 1.5.0 14 \n * Sun JRE (Solaris Production Release) 1.5.0 15 \n * Sun JRE (Solaris Production Release) 1.5.0 16 \n * Sun JRE (Solaris Production Release) 1.5.0 17 \n * Sun JRE (Solaris Production Release) 1.5.0 18 \n * Sun JRE (Solaris Production Release) 1.5.0 20 \n * Sun JRE (Solaris Production Release) 1.5.0 23 \n * Sun JRE (Solaris Production Release) 1.5.0 \n * Sun JRE (Solaris Production Release) 1.5.0.0 07 \n * Sun JRE (Solaris Production Release) 1.5.0.0 08 \n * Sun JRE (Solaris Production Release) 1.5.0.0 09 \n * Sun JRE (Solaris Production Release) 1.5.0_25 \n * Sun JRE (Solaris Production Release) 1.5.0_26 \n * Sun JRE (Solaris Production Release) 1.5.0_27 \n * Sun JRE (Solaris Production Release) 1.5.0_28 \n * Sun JRE (Solaris Production Release) 1.5.0_29 \n * Sun JRE (Solaris Production Release) 1.5.0_30 \n * Sun JRE (Solaris Production Release) 1.5.0_31 \n * Sun JRE (Solaris Production Release) 1.5.0_32 \n * Sun JRE (Solaris Production Release) 1.5.0_33 \n * Sun JRE (Solaris Production Release) 1.5.0_35 \n * Sun JRE (Solaris Production Release) 1.6.0 17 \n * Sun JRE (Solaris Production Release) 1.6.0 01 \n * Sun JRE (Solaris Production Release) 1.6.0 02 \n * Sun JRE (Solaris Production Release) 1.6.0 03 \n * Sun JRE (Solaris Production Release) 1.6.0 04 \n * Sun JRE (Solaris Production Release) 1.6.0 05 \n * Sun JRE (Solaris Production Release) 1.6.0 06 \n * Sun JRE (Solaris Production Release) 1.6.0 07 \n * Sun JRE (Solaris Production Release) 1.6.0 10 \n * Sun JRE (Solaris Production Release) 1.6.0 11 \n * Sun JRE (Solaris Production Release) 1.6.0 12 \n * Sun JRE (Solaris Production Release) 1.6.0 13 \n * Sun JRE (Solaris Production Release) 1.6.0 14 \n * Sun JRE (Solaris Production Release) 1.6.0 15 \n * Sun JRE (Solaris Production Release) 1.6.0 18 \n * Sun JRE (Solaris Production Release) 1.6.0 19 \n * Sun JRE (Solaris Production Release) 1.6.0 2 \n * Sun JRE (Solaris Production Release) 1.6.0 \n * Sun JRE (Solaris Production Release) 1.6.0_21 \n * Sun JRE (Solaris Production Release) 1.7 \n * Sun JRE (Windows Production Release) 1.5.0 22 \n * Sun JRE (Windows Production Release) 1.5.0 01 \n * Sun JRE (Windows Production Release) 1.5.0 02 \n * Sun JRE (Windows Production Release) 1.5.0 03 \n * Sun JRE (Windows Production Release) 1.5.0 04 \n * Sun JRE (Windows Production Release) 1.5.0 05 \n * Sun JRE (Windows Production Release) 1.5.0 06 \n * Sun JRE (Windows Production Release) 1.5.0 10 \n * Sun JRE (Windows Production Release) 1.5.0 11 \n * Sun JRE (Windows Production Release) 1.5.0 12 \n * Sun JRE (Windows Production Release) 1.5.0 13 \n * Sun JRE (Windows Production Release) 1.5.0 14 \n * Sun JRE (Windows Production Release) 1.5.0 15 \n * Sun JRE (Windows Production Release) 1.5.0 16 \n * Sun JRE (Windows Production Release) 1.5.0 17 \n * Sun JRE (Windows Production Release) 1.5.0 18 \n * Sun JRE (Windows Production Release) 1.5.0 20 \n * Sun JRE (Windows Production Release) 1.5.0 23 \n * Sun JRE (Windows Production Release) 1.5.0 \n * Sun JRE (Windows Production Release) 1.5.0.0 07 \n * Sun JRE (Windows Production Release) 1.5.0.0 08 \n * Sun JRE (Windows Production Release) 1.5.0.0 09 \n * Sun JRE (Windows Production Release) 1.5.0_25 \n * Sun JRE (Windows Production Release) 1.5.0_26 \n * Sun JRE (Windows Production Release) 1.5.0_27 \n * Sun JRE (Windows Production Release) 1.5.0_28 \n * Sun JRE (Windows Production Release) 1.5.0_29 \n * Sun JRE (Windows Production Release) 1.5.0_30 \n * Sun JRE (Windows Production Release) 1.5.0_31 \n * Sun JRE (Windows Production Release) 1.5.0_32 \n * Sun JRE (Windows Production Release) 1.5.0_33 \n * Sun JRE (Windows Production Release) 1.5.0_35 \n * Sun JRE (Windows Production Release) 1.6.0 17 \n * Sun JRE (Windows Production Release) 1.6.0 01 \n * Sun JRE (Windows Production Release) 1.6.0 02 \n * Sun JRE (Windows Production Release) 1.6.0 03 \n * Sun JRE (Windows Production Release) 1.6.0 04 \n * Sun JRE (Windows Production Release) 1.6.0 05 \n * Sun JRE (Windows Production Release) 1.6.0 06 \n * Sun JRE (Windows Production Release) 1.6.0 07 \n * Sun JRE (Windows Production Release) 1.6.0 10 \n * Sun JRE (Windows Production Release) 1.6.0 11 \n * Sun JRE (Windows Production Release) 1.6.0 12 \n * Sun JRE (Windows Production Release) 1.6.0 13 \n * Sun JRE (Windows Production Release) 1.6.0 14 \n * Sun JRE (Windows Production Release) 1.6.0 15 \n * Sun JRE (Windows Production Release) 1.6.0 18 \n * Sun JRE (Windows Production Release) 1.6.0 19 \n * Sun JRE (Windows Production Release) 1.6.0 2 \n * Sun JRE (Windows Production Release) 1.6.0 20 \n * Sun JRE (Windows Production Release) 1.6.0 \n * Sun JRE (Windows Production Release) 1.6.0_21 \n * Sun JRE (Windows Production Release) 1.7 \n * Ubuntu Ubuntu Linux 10.04 LTS \n * Ubuntu Ubuntu Linux 12.04 LTS \n * Xerox FreeFlow Print Server (FFPS) 73.C5.11 \n * Xerox FreeFlow Print Server (FFPS) 73.D2.33 \n * Xerox FreeFlow Print Server (FFPS) 81.D0.73 \n * Xerox FreeFlow Print Server (FFPS) 82.D1.44 \n * Xerox FreeFlow Print Server (FFPS) 91.D2.32 \n * Xerox FreeFlow Print Server (FFPS) 93.E0.21C \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nDisabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as non-executable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2013-06-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/60651", "cvelist": ["CVE-2013-2470"], "lastseen": "2018-03-12T02:29:19"}], "seebug": [{"id": "SSV:81632", "type": "seebug", "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-81632", "cvelist": ["CVE-2013-2470"], "lastseen": "2017-11-19T17:01:30"}], "zdi": [{"id": "ZDI-13-158", "type": "zdi", "title": "Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific vulnerability is an array indexing flaw inside the Java AWT imaging library allowing for memory corruption. An attacker could leverage this vulnerability into remote execution of arbitrary code as the current user.", "published": "2013-06-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-13-158", "cvelist": ["CVE-2013-2470"], "lastseen": "2016-11-09T00:18:15"}], "exploitdb": [{"id": "EDB-ID:28050", "type": "exploitdb", "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow", "description": "Oracle Java lookUpByteBI - Heap Buffer Overflow. CVE-2013-2470. Dos exploit for windows platform", "published": "2013-09-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/28050/", "cvelist": ["CVE-2013-2470"], "lastseen": "2016-02-03T07:19:22"}], "nessus": [{"id": "SUSE_11_JAVA-1_4_2-IBM-130723.NASL", "type": "nessus", "title": "SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)", "description": "IBM Java 1.4.2 was updated to SR13-FP18 to fix bugs and security issues.\n\nPlease see also http://www.ibm.com/developerworks/java/jdk/alerts/\n\nAlso the following bug has been fixed :\n\n - mark files in jre/bin and bin/ as executable (bnc#823034)", "published": "2013-07-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69090", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "lastseen": "2017-10-29T13:40:57"}, {"id": "REDHAT-RHSA-2013-1081.NASL", "type": "nessus", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:1081)", "description": "Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM J2SE 5.0 SR16-FP3 release. All running instances of IBM Java must be restarted for this update to take effect.", "published": "2013-07-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68922", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "lastseen": "2017-10-29T13:33:33"}, {"id": "REDHAT-RHSA-2013-1014.NASL", "type": "nessus", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1014)", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67184", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-29T13:35:26"}, {"id": "CENTOS_RHSA-2013-1014.NASL", "type": "nessus", "title": "CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1014)", "description": "Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67183", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-29T13:43:15"}, {"id": "ALA_ALAS-2013-207.NASL", "type": "nessus", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)", "description": "Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470 , CVE-2013-2471 , CVE-2013-2472 , CVE-2013-2473 , CVE-2013-2463 , CVE-2013-2465 , CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448 , CVE-2013-2457 , CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456 , CVE-2013-2447 , CVE-2013-2455 , CVE-2013-2452 , CVE-2013-2443 , CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444 , CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407 , CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)", "published": "2013-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69765", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2018-04-19T07:44:56"}, {"id": "SUSE_11_JAVA-1_6_0-OPENJDK-130718.NASL", "type": "nessus", "title": "SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 8084)", "description": "java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version.\n\nSecurity fixes :\n\n - S6741606, CVE-2013-2407: Integrate Apache Santuario\n\n - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls\n\n - S7170730, CVE-2013-2451: Improve Windows network stack support.\n\n - S8000638, CVE-2013-2450: Improve deserialization\n\n - S8000642, CVE-2013-2446: Better handling of objects for transportation\n\n - S8001032: Restrict object access\n\n - S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers\n\n - S8001034, CVE-2013-1500: Memory management improvements\n\n - S8001038, CVE-2013-2444: Resourcefully handle resources\n\n - S8001043: Clarify definition restrictions\n\n - S8001309: Better handling of annotation interfaces\n\n - S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost\n\n - S8001330, CVE-2013-2443: Improve on checking order\n\n - S8003703, CVE-2013-2412: Update RMI connection dialog box\n\n - S8004584: Augment applet contextualization\n\n - S8005007: Better glyph processing\n\n - S8006328, CVE-2013-2448: Improve robustness of sound classes\n\n - S8006611: Improve scripting\n\n - S8007467: Improve robustness of JMX internal APIs\n\n - S8007471: Improve MBean notifications\n\n - S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes\n\n - S8008120, CVE-2013-2457: Improve JMX class checking\n\n - S8008124, CVE-2013-2453: Better compliance testing\n\n - S8008128: Better API coherence for JMX\n\n - S8008132, CVE-2013-2456: Better serialization support\n\n - S8008585: Better JMX data handling\n\n - S8008593: Better URLClassLoader resource management\n\n - S8008603: Improve provision of JMX providers", "published": "2013-07-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69029", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-29T13:41:46"}, {"id": "SL_20130703_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64", "description": "Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle out- of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)\n\nAll running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67185", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-29T13:44:00"}, {"id": "ORACLELINUX_ELSA-2013-1014.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)", "description": "From Red Hat Security Advisory 2013:1014 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68842", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-29T13:40:08"}, {"id": "DEBIAN_DSA-2727.NASL", "type": "nessus", "title": "Debian DSA-2727-1 : openjdk-6 - several vulnerabilities", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.", "published": "2013-07-28T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69084", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-29T13:38:06"}, {"id": "MACOSX_JAVA_2013-004.NASL", "type": "nessus", "title": "Mac OS X : Java for OS X 2013-004", "description": "The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2013-004 update, which updates the Java version to 1.6.0_51. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.", "published": "2013-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66928", "cvelist": ["CVE-2013-2468", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2466"], "lastseen": "2017-10-29T13:39:55"}], "suse": [{"id": "SUSE-SU-2013:1264-1", "type": "suse", "title": "Security update for java-1_4_2-ibm (important)", "description": "IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs\n and security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bug has been fixed:\n\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "published": "2013-07-27T17:04:24", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "lastseen": "2016-09-04T11:57:01"}, {"id": "SUSE-SU-2013:1293-2", "type": "suse", "title": "Security update for IBM Java 1.4.2 (important)", "description": "IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs\n and security issues:\n\n CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469,\n CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473,\n CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459,\n CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446,\n CVE-2013-2450, CVE-2013-1500\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also following bug has been fixed:\n\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n\n", "published": "2013-08-05T20:04:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00001.html", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "lastseen": "2016-09-04T11:50:13"}, {"id": "SUSE-SU-2013:1293-1", "type": "suse", "title": "Security update for IBMJava5 JRE and IBMJava5 SDK (important)", "description": "IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and\n security issues:\n\n CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002\n CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463,\n CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470,\n CVE-2013-2459, CVE-2013-3743, CVE-2013-2448, CVE-2013-2454,\n CVE-2013-2456 CVE-2013-2457, CVE-2013-2455, CVE-2013-2443,\n CVE-2013-2447 CVE-2013-2444, CVE-2013-2452, CVE-2013-2446,\n CVE-2013-2450, CVE-2013-1571, CVE-2013-1500\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n\n\n", "published": "2013-08-02T23:04:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "lastseen": "2016-09-04T12:14:44"}, {"id": "SUSE-SU-2013:1238-1", "type": "suse", "title": "Security update for java-1_6_0-openjdk (important)", "description": "java-1_6_0-openjdk has been updated to Icedtea6-1.12.6\n version.\n\n Security fixes:\n\n * S6741606, CVE-2013-2407: Integrate Apache Santuario\n * S7158805, CVE-2013-2445: Better rewriting of nested\n subroutine calls\n * S7170730, CVE-2013-2451: Improve Windows network\n stack support.\n * S8000638, CVE-2013-2450: Improve deserialization\n * S8000642, CVE-2013-2446: Better handling of objects\n for transportation\n * S8001032: Restrict object access\n * S8001033, CVE-2013-2452: Refactor network address\n handling in virtual machine identifiers\n * S8001034, CVE-2013-1500: Memory management\n improvements\n * S8001038, CVE-2013-2444: Resourcefully handle\n resources\n * S8001043: Clarify definition restrictions\n * S8001309: Better handling of annotation interfaces\n * S8001318, CVE-2013-2447: Socket.getLocalAddress not\n consistent with InetAddress.getLocalHost\n * S8001330, CVE-2013-2443: Improve on checking order\n * S8003703, CVE-2013-2412: Update RMI connection dialog\n box\n * S8004584: Augment applet contextualization\n * S8005007: Better glyph processing\n * S8006328, CVE-2013-2448: Improve robustness of sound\n classes\n * S8006611: Improve scripting\n * S8007467: Improve robustness of JMX internal APIs\n * S8007471: Improve MBean notifications\n * S8007812, CVE-2013-2455: (reflect)\n Class.getEnclosingMethod problematic for some classes\n * S8008120, CVE-2013-2457: Improve JMX class checking\n * S8008124, CVE-2013-2453: Better compliance testing\n * S8008128: Better API coherence for JMX\n * S8008132, CVE-2013-2456: Better serialization support\n * S8008585: Better JMX data handling\n * S8008593: Better URLClassLoader resource management\n * S8008603: Improve provision of JMX providers\n", "published": "2013-07-23T22:04:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00024.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2016-09-04T11:57:12"}, {"id": "SUSE-SU-2013:1263-1", "type": "suse", "title": "Security update for java-1_5_0-ibm (important)", "description": "IBM Java 1.5.0 has been updated to SR16-FP3 to fix bugs and\n security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bug has been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "published": "2013-07-27T17:04:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "lastseen": "2016-09-04T12:43:37"}, {"id": "SUSE-SU-2013:1263-2", "type": "suse", "title": "Security update for java-1_5_0-ibm (important)", "description": "IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and\n security issues:\n\n CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002,\n CVE-2013-2469, CVE-2013-2465, CVE-2013-2464,\n CVE-2013-2463, CVE-2013-2473, CVE-2013-2472,\n CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-3743,\n CVE-2013-2448, CVE-2013-2454, CVE-2013-2456,\n CVE-2013-2457, CVE-2013-2455, CVE-2013-2443,\n CVE-2013-2447, CVE-2013-2444, CVE-2013-2452, CVE-2013-2446,\n CVE-2013-2450, CVE-2013-1571, CVE-2013-1500\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n\n Additionally, the following bugs have been fixed: - Add\n Europe/Busingen to tzmappings (bnc#817062) - Mark files in\n jre/bin and bin/ as executable (bnc#823034).\n\n Security Issues:\n\n * CVE-2013-3009\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3009\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3009</a>\n >\n * CVE-2013-3011\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3011\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3011</a>\n >\n * CVE-2013-3012\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3012\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3012</a>\n >\n * CVE-2013-2469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469</a>\n >\n * CVE-2013-4002\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002</a>\n >\n * CVE-2013-2465\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465</a>\n >\n * CVE-2013-2464\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464</a>\n >\n * CVE-2013-2463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463</a>\n >\n * CVE-2013-2473\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473</a>\n >\n * CVE-2013-2472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472</a>\n >\n * CVE-2013-2471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471</a>\n >\n * CVE-2013-2470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470</a>\n >\n * CVE-2013-2459\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459</a>\n >\n * CVE-2013-3743\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743</a>\n >\n * CVE-2013-2448\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448</a>\n >\n * CVE-2013-2454\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454</a>\n >\n * CVE-2013-2457\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457</a>\n >\n * CVE-2013-2456\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456</a>\n >\n * CVE-2013-2455\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455</a>\n >\n * CVE-2013-2443\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443</a>\n >\n * CVE-2013-2444\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444</a>\n >\n * CVE-2013-2447\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447</a>\n >\n * CVE-2013-2452\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452</a>\n >\n * CVE-2013-2446\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446</a>\n >\n * CVE-2013-2450\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450</a>\n >\n * CVE-2013-1571\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571</a>\n >\n * CVE-2013-1500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500</a>\n >\n\n\n", "published": "2013-07-30T17:04:11", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00032.html", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "lastseen": "2016-09-04T11:27:55"}, {"id": "SUSE-SU-2013:1256-1", "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "description": "IBM Java 1.7.0 has been updated to SR5 to fix bugs and\n security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "published": "2013-07-25T20:04:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", "cvelist": ["CVE-2013-3012", "CVE-2013-2468", "CVE-2013-3008", "CVE-2013-3006", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2462", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-3007", "CVE-2013-2471", "CVE-2013-3010", "CVE-2013-2464", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-3744", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2460", "CVE-2013-2466"], "lastseen": "2016-09-04T12:43:04"}, {"id": "SUSE-SU-2013:1255-2", "type": "suse", "title": "Security update for java-1_6_0-ibm (important)", "description": "IBM Java 1.6.0 has been updated to SR14 to fix bugs and\n security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "published": "2013-07-27T17:04:18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00030.html", "cvelist": ["CVE-2013-3012", "CVE-2013-2468", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2466"], "lastseen": "2016-09-04T11:56:36"}, {"id": "SUSE-SU-2013:1254-1", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "description": "This update to icedtea-2.4.1 fixes various security issues:\n\n * S6741606, CVE-2013-2407: Integrate Apache Santuario\n * S7158805, CVE-2013-2445: Better rewriting of nested\n subroutine calls\n * S7170730, CVE-2013-2451: Improve Windows network\n stack support.\n * S8000638, CVE-2013-2450: Improve deserialization\n * S8000642, CVE-2013-2446: Better handling of objects\n for transportation\n * S8001033, CVE-2013-2452: Refactor network address\n handling in virtual machine identifiers\n * S8001034, CVE-2013-1500: Memory management\n improvements\n * S8001038, CVE-2013-2444: Resourcefully handle\n resources\n * S8001318, CVE-2013-2447: Socket.getLocalAddress not\n consistent with InetAddress.getLocalHost\n * S8001330, CVE-2013-2443: Improve on checking order\n (non-Zero builds only)\n * S8003703, CVE-2013-2412: Update RMI connection dialog\n box\n * S8004288, CVE-2013-2449: (fs) Files.probeContentType\n problems\n * S8006328, CVE-2013-2448: Improve robustness of sound\n classes\n * S8007812, CVE-2013-2455: (reflect)\n Class.getEnclosingMethod problematic for some classes\n * S8008120, CVE-2013-2457: Improve JMX class checking\n * S8008124, CVE-2013-2453: Better compliance testing\n * S8008132, CVE-2013-2456: Better serialization support\n * S8008744, CVE-2013-2407: Rework part of fix for\n JDK-6741606\n * S8009057, CVE-2013-2448: Improve MIDI event handling\n * S8009071, CVE-2013-2459: Improve shape handling\n * S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292\n implementation change\n * S8009554, CVE-2013-2454: Improve\n SerialJavaObject.getFields\n * S8010209, CVE-2013-2460: Better provision of factories\n * S8011243, CVE-2013-2470: Improve ImagingLib\n * S8011248, CVE-2013-2471: Better Component Rasters\n * S8011253, CVE-2013-2472: Better Short Component\n Rasters\n * S8011257, CVE-2013-2473: Better Byte Component Rasters\n * S8012375, CVE-2013-1571: Improve Javadoc framing\n * S8012438, CVE-2013-2463: Better image validation\n * S8012597, CVE-2013-2465: Better image channel\n verification\n * S8012601, CVE-2013-2469: Better validation of image\n layouts\n * S8014281, CVE-2013-2461: Better checking of XML\n signature\n", "published": "2013-07-25T16:04:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00025.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2016-09-04T11:48:25"}, {"id": "SUSE-SU-2013:1255-3", "type": "suse", "title": "Security update for IBM Java 1.6.0 (important)", "description": "IBM Java 1.6.0 was updated to SR14 to fix bugs and security\n issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "published": "2013-07-30T19:04:11", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00033.html", "cvelist": ["CVE-2013-3012", "CVE-2013-2468", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2466"], "lastseen": "2016-09-04T12:19:41"}], "debian": [{"id": "DSA-2727", "type": "debian", "title": "openjdk-6 -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 6b27-1.12.6-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 6b27-1.12.6-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 6b27-1.12.6-1.\n\nWe recommend that you upgrade your openjdk-6 packages.", "published": "2013-07-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2727", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2016-09-02T18:37:32"}, {"id": "DSA-2722", "type": "debian", "title": "openjdk-7 -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 7u25-2.3.10-1~deb7u1. In addition icedtea-web needed to be updated to 1.4-3~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 7u25-2.3.10-1.\n\nWe recommend that you upgrade your openjdk-7 packages.", "published": "2013-07-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2722", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2016-09-02T18:29:16"}], "centos": [{"id": "CESA-2013:1014", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:1014\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and\nJMX components in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\nCVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim\nBrown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019834.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/019835.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1014.html", "published": "2013-07-04T10:07:44", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/019834.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-10-03T18:25:45"}, {"id": "CESA-2013:0957", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0957\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAfter installing this update, users of icedtea-web must install\nRHBA-2013:0959 for icedtea-web to continue functioning.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019796.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0957.html", "published": "2013-06-20T06:43:01", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/019796.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2017-10-03T18:26:49"}, {"id": "CESA-2013:0958", "type": "centos", "title": "java security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0958\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/019797.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0958.html", "published": "2013-06-20T06:46:44", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/019797.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2017-10-03T18:26:43"}], "openvas": [{"id": "OPENVAS:803821", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)", "description": "This host is installed with Oracle Java SE and is prone to\n multiple vulnerabilities.", "published": "2013-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=803821", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455", "CVE-2013-2445"], "lastseen": "2017-11-13T12:51:59"}, {"id": "OPENVAS:1361412562310123602", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1014", "description": "Oracle Linux Local Security Checks ELSA-2013-1014", "published": "2015-10-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123602", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-07-24T12:53:47"}, {"id": "OPENVAS:881762", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos6 ", "description": "Check for the Version of java", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881762", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-07-25T10:51:59"}, {"id": "OPENVAS:1361412562310803821", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)", "description": "This host is installed with Oracle Java SE and is prone to\n multiple vulnerabilities.", "published": "2013-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803821", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455", "CVE-2013-2445"], "lastseen": "2018-04-06T11:21:38"}, {"id": "OPENVAS:871015", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01", "description": "Check for the Version of java-1.6.0-openjdk", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=871015", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-07-27T10:51:49"}, {"id": "OPENVAS:881761", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos5 ", "description": "Check for the Version of java", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881761", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2018-01-19T15:09:32"}, {"id": "OPENVAS:1361412562310871015", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01", "description": "Check for the Version of java-1.6.0-openjdk", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871015", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2018-04-09T11:24:09"}, {"id": "OPENVAS:1361412562310881761", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos5 ", "description": "Check for the Version of java", "published": "2013-07-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881761", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2018-04-06T11:23:16"}, {"id": "OPENVAS:892727", "type": "openvas", "title": "Debian Security Advisory DSA 2727-1 (openjdk-6 - several vulnerabilities)", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.", "published": "2013-07-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892727", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2017-07-24T12:51:53"}, {"id": "OPENVAS:1361412562310892727", "type": "openvas", "title": "Debian Security Advisory DSA 2727-1 (openjdk-6 - several vulnerabilities)", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.", "published": "2013-07-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892727", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2018-04-06T11:22:56"}], "oraclelinux": [{"id": "ELSA-2013-1014", "type": "oraclelinux", "title": "java-1.6.0-openjdk security update", "description": "[1:1.6.0.0-1.62.1.11.11.90]\n- updated to icedtea6-1.11.11.90.tar.gz\n- removed upstreamed patch9 jaxp-backport-factoryfinder.patch\n- removed upstreamed patch10 fixToFontSecurityFix.patch.\n- modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#973129", "published": "2013-07-03T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-1014.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2016-09-04T11:16:03"}, {"id": "ELSA-2013-0958", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": "[1.7.0.25-2.3.10.4.0.1.el5_9]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Enterprise Linux'\n[1.7.0.25-2.3.10.4.el5]\n- updated to newer IcedTea7-forest 2.3.10 with 8010118 fix\n- removed upstreamed patch1000 MBeanFix.patch\n- Resolves: rhbz#973117\n[1.7.0.25-2.3.10.3.el5]\n- reverted fix for license files owning\n- Resolves: rhbz#973117\n[1.7.0.25-2.3.10.2.el5]\n- added patch1000 MBeanFix.patch to fix regressions caused by security patches\n- Resolves: rhbz#973117\n[1.7.0.25-2.3.10.1.el6]\n- build bumped to 25\n- Resolves: rhbz#973117\n[1.7.0.19-2.3.10.0.el5]\n- Updated to latest IcedTea7-forest 2.3.10\n- patch 107 renamed to 500 for cosmetic purposes\n- Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs\n- Resolves: rhbz#973117\n[1.7.0.19-2.3.10.0.el5]\n- Updated to latest IcedTea7-forest 2.3.10\n- Resolves: rhbz#973117", "published": "2013-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0958.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2016-09-04T11:16:16"}, {"id": "ELSA-2013-0957", "type": "oraclelinux", "title": "java-1.7.0-openjdk security update", "description": "[1.7.0.25-2.3.10.3.0.1.el6_4]\n- Update DISTRO_NAME in specfile\n[1.7.0.25-2.3.10.3.el6]\n- removed upstreamed patch1000 MBeanFix.patch\n- updated to newer IcedTea7-forest 2.3.10 with 8010118 fix\n- Resolves: rhbz#973119\n[1.7.0.25-2.3.10.2.el6]\n- added patch1000 MBeanFix.patch to fix regressions caused by security patches\n- Resolves: rhbz#973119\n[1.7.0.25-2.3.10.1.el6]\n- build bumped to 25\n- Resolves: rhbz#973119\n[1.7.0.19-2.3.10.0.el6]\n- Updated to latest IcedTea7-forest 2.3.10\n- patch 107 renamed to 500 for cosmetic purposes\n- improved handling of patch111 - nss-config-2.patch\n- removed patch 117, java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch\n duplicated with patch 108 (java-1.7.0-openjdk-nss-icedtea-e9c857dcb964)\n- Added client/server directories so they can be owned\n- Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs\n- Resolves: rhbz#973119", "published": "2013-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0957.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2016-09-04T11:16:09"}], "amazon": [{"id": "ALAS-2013-207", "type": "amazon", "title": "Important: java-1.6.0-openjdk", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-2470 __](<https://access.redhat.com/security/cve/CVE-2013-2470>), [CVE-2013-2471 __](<https://access.redhat.com/security/cve/CVE-2013-2471>), [CVE-2013-2472 __](<https://access.redhat.com/security/cve/CVE-2013-2472>), [CVE-2013-2473 __](<https://access.redhat.com/security/cve/CVE-2013-2473>), [CVE-2013-2463 __](<https://access.redhat.com/security/cve/CVE-2013-2463>), [CVE-2013-2465 __](<https://access.redhat.com/security/cve/CVE-2013-2465>), [CVE-2013-2469 __](<https://access.redhat.com/security/cve/CVE-2013-2469>))\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. ([CVE-2013-2459 __](<https://access.redhat.com/security/cve/CVE-2013-2459>))\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2448 __](<https://access.redhat.com/security/cve/CVE-2013-2448>), [CVE-2013-2457 __](<https://access.redhat.com/security/cve/CVE-2013-2457>), [CVE-2013-2453 __](<https://access.redhat.com/security/cve/CVE-2013-2453>))\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. ([CVE-2013-2456 __](<https://access.redhat.com/security/cve/CVE-2013-2456>), [CVE-2013-2447 __](<https://access.redhat.com/security/cve/CVE-2013-2447>), [CVE-2013-2455 __](<https://access.redhat.com/security/cve/CVE-2013-2455>), [CVE-2013-2452 __](<https://access.redhat.com/security/cve/CVE-2013-2452>), [CVE-2013-2443 __](<https://access.redhat.com/security/cve/CVE-2013-2443>), [CVE-2013-2446 __](<https://access.redhat.com/security/cve/CVE-2013-2446>))\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. ([CVE-2013-2445 __](<https://access.redhat.com/security/cve/CVE-2013-2445>))\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. ([CVE-2013-2444 __](<https://access.redhat.com/security/cve/CVE-2013-2444>), [CVE-2013-2450 __](<https://access.redhat.com/security/cve/CVE-2013-2450>))\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. ([CVE-2013-2407 __](<https://access.redhat.com/security/cve/CVE-2013-2407>), [CVE-2013-2461 __](<https://access.redhat.com/security/cve/CVE-2013-2461>))\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. ([CVE-2013-2412 __](<https://access.redhat.com/security/cve/CVE-2013-2412>))\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. ([CVE-2013-1571 __](<https://access.redhat.com/security/cve/CVE-2013-1571>))\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. ([CVE-2013-1500 __](<https://access.redhat.com/security/cve/CVE-2013-1500>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n \n \n", "published": "2013-07-12T15:31:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-207.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "lastseen": "2016-09-28T21:04:04"}, {"id": "ALAS-2013-204", "type": "amazon", "title": "Important: java-1.7.0-openjdk", "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-2470 __](<https://access.redhat.com/security/cve/CVE-2013-2470>), [CVE-2013-2471 __](<https://access.redhat.com/security/cve/CVE-2013-2471>), [CVE-2013-2472 __](<https://access.redhat.com/security/cve/CVE-2013-2472>), [CVE-2013-2473 __](<https://access.redhat.com/security/cve/CVE-2013-2473>), [CVE-2013-2463 __](<https://access.redhat.com/security/cve/CVE-2013-2463>), [CVE-2013-2465 __](<https://access.redhat.com/security/cve/CVE-2013-2465>), [CVE-2013-2469 __](<https://access.redhat.com/security/cve/CVE-2013-2469>))\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. ([CVE-2013-2459 __](<https://access.redhat.com/security/cve/CVE-2013-2459>))\n\nMultiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2448 __](<https://access.redhat.com/security/cve/CVE-2013-2448>), [CVE-2013-2454 __](<https://access.redhat.com/security/cve/CVE-2013-2454>), [CVE-2013-2458 __](<https://access.redhat.com/security/cve/CVE-2013-2458>), [CVE-2013-2457 __](<https://access.redhat.com/security/cve/CVE-2013-2457>), [CVE-2013-2453 __](<https://access.redhat.com/security/cve/CVE-2013-2453>), [CVE-2013-2460 __](<https://access.redhat.com/security/cve/CVE-2013-2460>))\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. ([CVE-2013-2456 __](<https://access.redhat.com/security/cve/CVE-2013-2456>), [CVE-2013-2447 __](<https://access.redhat.com/security/cve/CVE-2013-2447>), [CVE-2013-2455 __](<https://access.redhat.com/security/cve/CVE-2013-2455>), [CVE-2013-2452 __](<https://access.redhat.com/security/cve/CVE-2013-2452>), [CVE-2013-2443 __](<https://access.redhat.com/security/cve/CVE-2013-2443>), [CVE-2013-2446 __](<https://access.redhat.com/security/cve/CVE-2013-2446>))\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. ([CVE-2013-2445 __](<https://access.redhat.com/security/cve/CVE-2013-2445>))\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. ([CVE-2013-2444 __](<https://access.redhat.com/security/cve/CVE-2013-2444>), [CVE-2013-2450 __](<https://access.redhat.com/security/cve/CVE-2013-2450>))\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. ([CVE-2013-2407 __](<https://access.redhat.com/security/cve/CVE-2013-2407>), [CVE-2013-2461 __](<https://access.redhat.com/security/cve/CVE-2013-2461>))\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. ([CVE-2013-2412 __](<https://access.redhat.com/security/cve/CVE-2013-2412>))\n\nIt was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. ([CVE-2013-2449 __](<https://access.redhat.com/security/cve/CVE-2013-2449>))\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. ([CVE-2013-1571 __](<https://access.redhat.com/security/cve/CVE-2013-1571>))\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. ([CVE-2013-1500 __](<https://access.redhat.com/security/cve/CVE-2013-1500>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.25-2.3.10.3.29.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.29.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.25-2.3.10.3.29.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n \n \n", "published": "2013-06-20T14:14:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2013-204.html", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2016-09-28T21:04:00"}], "redhat": [{"id": "RHSA-2013:1014", "type": "redhat", "title": "(RHSA-2013:1014) Important: java-1.6.0-openjdk security update", "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and\nJMX components in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\nCVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim\nBrown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "published": "2013-07-03T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1014", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473"], "lastseen": "2017-12-25T20:06:06"}, {"id": "RHSA-2013:1081", "type": "redhat", "title": "(RHSA-2013:1081) Important: java-1.5.0-ibm security update", "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,\nCVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,\nCVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP3 release. All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "published": "2013-07-16T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1081", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3009", "CVE-2013-3011", "CVE-2013-3012", "CVE-2013-3743", "CVE-2013-4002"], "lastseen": "2017-09-09T07:19:18"}, {"id": "RHSA-2013:1059", "type": "redhat", "title": "(RHSA-2013:1059) Critical: java-1.6.0-ibm security update", "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443,\nCVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450,\nCVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455,\nCVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464,\nCVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR14 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "published": "2013-07-15T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1059", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2437", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3009", "CVE-2013-3011", "CVE-2013-3012", "CVE-2013-3743", "CVE-2013-4002"], "lastseen": "2017-09-09T07:19:49"}, {"id": "RHSA-2013:0957", "type": "redhat", "title": "(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAfter installing this update, users of icedtea-web must install\nRHBA-2013:0959 for icedtea-web to continue functioning.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n", "published": "2013-06-19T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0957", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473"], "lastseen": "2017-11-25T08:01:57"}, {"id": "RHSA-2013:0958", "type": "redhat", "title": "(RHSA-2013:0958) Important: java-1.7.0-openjdk security update", "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "published": "2013-06-19T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0958", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473"], "lastseen": "2017-09-09T07:19:24"}, {"id": "RHSA-2013:1060", "type": "redhat", "title": "(RHSA-2013:1060) Critical: java-1.7.0-ibm security update", "description": "IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442,\nCVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449,\nCVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,\nCVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459,\nCVE-2013-2460, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3744)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.7.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 7 SR5 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "published": "2013-07-15T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1060", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2400", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2437", "CVE-2013-2442", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2462", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3006", "CVE-2013-3007", "CVE-2013-3008", "CVE-2013-3009", "CVE-2013-3010", "CVE-2013-3011", "CVE-2013-3012", "CVE-2013-3744", "CVE-2013-4002"], "lastseen": "2017-09-09T07:20:05"}, {"id": "RHSA-2013:0963", "type": "redhat", "title": "(RHSA-2013:0963) Critical: java-1.7.0-oracle security update", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory page, listed in the References section.\n(CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,\nCVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450,\nCVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455,\nCVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460,\nCVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3744)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.7.0-oracle are advised to upgrade to these updated\npackages, which provide Oracle Java 7 Update 25 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.\n", "published": "2013-06-20T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0963", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2400", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2437", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2462", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3744"], "lastseen": "2017-09-09T07:19:17"}, {"id": "RHSA-2014:0414", "type": "redhat", "title": "(RHSA-2014:0414) Important: java-1.6.0-sun security update", "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and\nthe Oracle Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the Oracle Java Runtime\nEnvironment and the Oracle Java Software Development Kit. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch Update Advisory pages, listed in the References section.\n(CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437,\nCVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446,\nCVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452,\nCVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457,\nCVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002,\nCVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,\nCVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,\nCVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803,\nCVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817,\nCVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,\nCVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832,\nCVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849,\nCVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887,\nCVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899,\nCVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910,\nCVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375,\nCVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411,\nCVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422,\nCVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446,\nCVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456,\nCVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876,\nCVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412,\nCVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427,\nCVE-2014-2428)\n\nAll users of java-1.6.0-sun are advised to upgrade to these updated\npackages, which provide Oracle Java 6 Update 75 and resolve these issues.\nAll running instances of Oracle Java must be restarted for the update to\ntake effect.", "published": "2014-04-17T15:19:24", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0414", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2437", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3743", "CVE-2013-3829", "CVE-2013-4002", "CVE-2013-4578", "CVE-2013-5772", "CVE-2013-5774", "CVE-2013-5776", "CVE-2013-5778", "CVE-2013-5780", "CVE-2013-5782", "CVE-2013-5783", "CVE-2013-5784", "CVE-2013-5787", "CVE-2013-5789", "CVE-2013-5790", "CVE-2013-5797", "CVE-2013-5801", "CVE-2013-5802", "CVE-2013-5803", "CVE-2013-5804", "CVE-2013-5809", "CVE-2013-5812", "CVE-2013-5814", "CVE-2013-5817", "CVE-2013-5818", "CVE-2013-5819", "CVE-2013-5820", "CVE-2013-5823", "CVE-2013-5824", "CVE-2013-5825", "CVE-2013-5829", "CVE-2013-5830", "CVE-2013-5831", "CVE-2013-5832", "CVE-2013-5840", "CVE-2013-5842", "CVE-2013-5843", "CVE-2013-5848", "CVE-2013-5849", "CVE-2013-5850", "CVE-2013-5852", "CVE-2013-5878", "CVE-2013-5884", "CVE-2013-5887", "CVE-2013-5888", "CVE-2013-5889", "CVE-2013-5896", "CVE-2013-5898", "CVE-2013-5899", "CVE-2013-5902", "CVE-2013-5905", "CVE-2013-5906", "CVE-2013-5907", "CVE-2013-5910", "CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0375", "CVE-2014-0376", "CVE-2014-0387", "CVE-2014-0403", "CVE-2014-0410", "CVE-2014-0411", "CVE-2014-0415", "CVE-2014-0416", "CVE-2014-0417", "CVE-2014-0418", "CVE-2014-0422", "CVE-2014-0423", "CVE-2014-0424", "CVE-2014-0428", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0456", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2403", "CVE-2014-2409", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428"], "lastseen": "2018-02-09T16:10:54"}, {"id": "RHSA-2013:1456", "type": "redhat", "title": "(RHSA-2013:1456) Low: Red Hat Network Satellite server IBM Java Runtime security update", "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.5. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.5 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "published": "2013-10-23T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1456", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-2384", "CVE-2013-1491", "CVE-2013-1571", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-0401", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-1478", "CVE-2013-2456", "CVE-2013-0428", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-0169", "CVE-2012-1719", "CVE-2013-2394", "CVE-2012-3159", "CVE-2013-0435", "CVE-2013-0809", "CVE-2013-0442", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-0434", "CVE-2012-5081", "CVE-2013-0443", "CVE-2013-2419", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-0351", "CVE-2013-2465", "CVE-2013-1537", "CVE-2013-3743", "CVE-2012-0551", "CVE-2013-0433", "CVE-2013-1480", "CVE-2012-1717", "CVE-2012-1721", "CVE-2013-0409", "CVE-2013-0438", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-5083", "CVE-2013-2429", "CVE-2013-2471", "CVE-2012-1532", "CVE-2013-1486", "CVE-2013-1476", "CVE-2012-4823", "CVE-2013-1487", "CVE-2013-0445", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-4820", "CVE-2013-0432", "CVE-2012-5084", "CVE-2012-4822", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2464", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-2442", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-2432", "CVE-2012-1722", "CVE-2013-2443", "CVE-2013-1481", "CVE-2013-2446", "CVE-2012-0547", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-1540", "CVE-2013-1493", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-0425", "CVE-2012-5068", "CVE-2012-1682", "CVE-2013-0441", "CVE-2012-3143", "CVE-2013-1569", "CVE-2013-2412", "CVE-2013-2430", "CVE-2013-2466", "CVE-2013-0423", "CVE-2013-0419"], "lastseen": "2017-03-04T13:18:38"}, {"id": "RHSA-2013:1455", "type": "redhat", "title": "(RHSA-2013:1455) Low: Red Hat Network Satellite server IBM Java Runtime security update", "description": "This update corrects several security vulnerabilities in the IBM Java\nRuntime Environment shipped as part of Red Hat Network Satellite Server\n5.4. In a typical operating environment, these are of low security risk as\nthe runtime is not used on untrusted applets.\n\nSeveral flaws were fixed in the IBM Java 2 Runtime Environment.\n(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,\nCVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,\nCVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,\nCVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,\nCVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,\nCVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,\nCVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,\nCVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,\nCVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,\nCVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,\nCVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,\nCVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,\nCVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,\nCVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,\nCVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,\nCVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,\nCVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,\nCVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,\nCVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,\nCVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,\nCVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,\nCVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,\nCVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,\nCVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,\nCVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,\nCVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,\nCVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,\nCVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,\nCVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nUsers of Red Hat Network Satellite Server 5.4 are advised to upgrade to\nthese updated packages, which contain the IBM Java SE 6 SR14 release. For\nthis update to take effect, Red Hat Network Satellite Server must be\nrestarted (\"/usr/sbin/rhn-satellite restart\"), as well as all running\ninstances of IBM Java.\n", "published": "2013-10-23T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:1455", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2468", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-1491", "CVE-2013-1571", "CVE-2011-3557", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2011-3551", "CVE-2013-0401", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-1478", "CVE-2011-3549", "CVE-2013-2456", "CVE-2011-0802", "CVE-2011-0868", "CVE-2013-0428", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-0169", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2012-3159", "CVE-2013-0435", "CVE-2013-0809", "CVE-2013-0442", "CVE-2011-3561", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2011-0869", "CVE-2013-2473", "CVE-2011-0863", "CVE-2012-5079", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-0434", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2013-2463", "CVE-2013-1563", "CVE-2011-3389", "CVE-2013-2469", "CVE-2013-0351", "CVE-2013-2465", "CVE-2013-1537", "CVE-2013-3743", "CVE-2012-0498", "CVE-2011-3544", "CVE-2012-0551", "CVE-2011-3553", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2012-1717", "CVE-2012-1721", "CVE-2011-3516", "CVE-2013-0409", "CVE-2011-0873", "CVE-2013-0438", "CVE-2012-1713", "CVE-2012-1716", "CVE-2012-5083", "CVE-2013-2429", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2013-1486", "CVE-2013-1476", "CVE-2012-4823", "CVE-2013-1487", "CVE-2013-0445", "CVE-2012-5069", "CVE-2012-3216", "CVE-2012-4820", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2011-3546", "CVE-2012-4822", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2464", "CVE-2011-3554", "CVE-2013-0424", "CVE-2012-3213", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2011-0867", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-0440", "CVE-2013-2432", "CVE-2012-1722", "CVE-2013-2443", "CVE-2013-1481", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-1540", "CVE-2012-0500", "CVE-2011-3560", "CVE-2013-1493", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2455", "CVE-2011-3545", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-0425", "CVE-2011-3552", "CVE-2012-5068", "CVE-2012-1682", "CVE-2013-0441", "CVE-2012-3143", "CVE-2012-0502", "CVE-2011-3550", "CVE-2013-1569", "CVE-2013-2412", "CVE-2011-0862", "CVE-2013-2430", "CVE-2011-0871", "CVE-2013-2466", "CVE-2011-0814", "CVE-2013-0423", "CVE-2013-0419"], "lastseen": "2017-03-04T13:18:30"}], "ubuntu": [{"id": "USN-1907-1", "type": "ubuntu", "title": "OpenJDK 7 vulnerabilities", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458)\n\nA vulnerability was discovered in the OpenJDK Javadoc related to data integrity. (CVE-2013-1571)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. (CVE-2013-2407)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2444, CVE-2013-2445, CVE-2013-2450)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)", "published": "2013-07-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1907-1/", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2018-03-29T18:18:25"}, {"id": "USN-1908-1", "type": "ubuntu", "title": "OpenJDK 6 vulnerabilities", "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458)\n\nA vulnerability was discovered in the OpenJDK Javadoc related to data integrity. (CVE-2013-1571)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. (CVE-2013-2407)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2444, CVE-2013-2445, CVE-2013-2450)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)", "published": "2013-07-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1908-1/", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2449"], "lastseen": "2018-03-29T18:19:53"}, {"id": "USN-1907-2", "type": "ubuntu", "title": "IcedTea Web update", "description": "USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7.\n\nOriginal advisory details:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, CVE-2013-2458)\n\nA vulnerability was discovered in the OpenJDK Javadoc related to data integrity. (CVE-2013-1571)\n\nA vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. (CVE-2013-2407)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, CVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2444, CVE-2013-2445, CVE-2013-2450)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)", "published": "2013-07-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/1907-2/", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "lastseen": "2018-03-29T18:21:09"}], "gentoo": [{"id": "GLSA-201406-32", "type": "gentoo", "title": "IcedTea JDK: Multiple vulnerabilities", "description": "### Background\n\nIcedTea is a distribution of the Java OpenJDK source code built with free build tools. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll IcedTea JDK users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-java/icedtea-bin-6.1.13.3\"", "published": "2014-06-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201406-32", "cvelist": ["CVE-2012-5089", "CVE-2013-0426", "CVE-2013-2431", "CVE-2010-3562", "CVE-2013-2420", "CVE-2011-0865", "CVE-2013-2384", "CVE-2013-2415", "CVE-2012-1711", "CVE-2014-2397", "CVE-2013-1571", "CVE-2013-5782", "CVE-2011-3557", "CVE-2013-2417", "CVE-2013-1500", "CVE-2013-2448", "CVE-2010-3557", "CVE-2011-3551", "CVE-2013-4002", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2013-0427", "CVE-2012-1725", "CVE-2013-2424", "CVE-2014-0457", "CVE-2013-5850", "CVE-2013-2407", "CVE-2013-5778", "CVE-2013-1478", "CVE-2013-2456", "CVE-2010-3551", "CVE-2011-0868", "CVE-2013-0428", "CVE-2014-0446", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-0169", "CVE-2010-3553", "CVE-2012-1719", "CVE-2014-1876", "CVE-2014-0458", "CVE-2013-0429", "CVE-2014-2427", "CVE-2011-3563", "CVE-2013-1475", "CVE-2013-2421", "CVE-2013-1518", "CVE-2013-0435", "CVE-2012-5087", "CVE-2013-0809", "CVE-2013-0442", "CVE-2010-3566", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-5842", "CVE-2010-4448", "CVE-2013-0431", "CVE-2010-4465", "CVE-2012-5085", "CVE-2012-4540", "CVE-2011-0869", "CVE-2010-3565", "CVE-2012-5076", "CVE-2013-5830", "CVE-2013-2473", "CVE-2013-6954", "CVE-2012-4416", "CVE-2012-5075", "CVE-2014-0453", "CVE-2013-1488", "CVE-2012-0424", "CVE-2013-0434", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2011-3548", "CVE-2012-5081", "CVE-2011-3547", "CVE-2013-5817", "CVE-2010-4469", "CVE-2012-0503", "CVE-2011-3521", "CVE-2013-0443", "CVE-2011-5035", "CVE-2013-2419", "CVE-2014-0461", "CVE-2012-1723", "CVE-2013-2463", "CVE-2011-3571", "CVE-2010-3860", "CVE-2011-3389", "CVE-2013-2469", "CVE-2014-0459", "CVE-2014-0456", "CVE-2010-4450", "CVE-2012-1726", "CVE-2013-2465", "CVE-2013-1537", "CVE-2014-0429", "CVE-2013-5806", "CVE-2010-3574", "CVE-2011-3544", "CVE-2013-5805", "CVE-2011-3553", "CVE-2013-0444", "CVE-2012-0506", "CVE-2013-0433", "CVE-2013-1480", "CVE-2013-5825", "CVE-2012-1717", "CVE-2013-2423", "CVE-2010-3541", "CVE-2013-5823", "CVE-2011-3558", "CVE-2014-2403", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2009-3555", "CVE-2013-2429", "CVE-2013-5849", "CVE-2014-2412", "CVE-2010-2548", "CVE-2012-5086", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-5077", "CVE-2013-1486", "CVE-2013-1476", "CVE-2010-4476", "CVE-2010-4472", "CVE-2013-5780", "CVE-2010-4471", "CVE-2014-2421", "CVE-2012-5069", "CVE-2012-3216", "CVE-2014-0460", "CVE-2011-0870", "CVE-2011-0815", "CVE-2013-0432", "CVE-2012-0505", "CVE-2012-5084", "CVE-2012-1718", "CVE-2010-2783", "CVE-2013-2458", "CVE-2011-3554", "CVE-2013-0424", "CVE-2013-2459", "CVE-2013-0450", "CVE-2012-5071", "CVE-2013-5814", "CVE-2010-3561", "CVE-2011-0025", "CVE-2012-0501", "CVE-2010-3564", "CVE-2013-0440", "CVE-2013-2443", "CVE-2010-3549", "CVE-2012-3422", "CVE-2013-2446", "CVE-2011-3556", "CVE-2012-0547", "CVE-2013-5829", "CVE-2010-3554", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2472", "CVE-2014-2423", "CVE-2010-4470", "CVE-2011-0822", "CVE-2011-3560", "CVE-2013-1493", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2010-4351", "CVE-2011-0864", "CVE-2013-2453", "CVE-2013-1557", "CVE-2013-2426", "CVE-2013-2455", "CVE-2013-2422", "CVE-2013-2383", "CVE-2013-0425", "CVE-2013-1484", "CVE-2011-3552", "CVE-2013-5774", "CVE-2012-1724", "CVE-2010-3567", "CVE-2010-3573", "CVE-2013-6629", "CVE-2012-5068", "CVE-2013-3829", "CVE-2013-0441", "CVE-2010-3548", "CVE-2011-0706", "CVE-2012-5979", "CVE-2012-0502", "CVE-2013-5783", "CVE-2010-4467", "CVE-2012-3423", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-5790", "CVE-2014-2398", "CVE-2010-3568", "CVE-2014-0451", "CVE-2013-1569", "CVE-2013-2412", "CVE-2014-0452", "CVE-2011-0862", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2014-2414", "CVE-2010-3569", "CVE-2011-0871", "CVE-2013-2449", "CVE-2011-0872", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-5772"], "lastseen": "2016-09-06T19:46:20"}, {"id": "GLSA-201401-30", "type": "gentoo", "title": "Oracle JRE/JDK: Multiple vulnerabilities", "description": "### Background\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). \n\n### Description\n\nMultiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jdk-bin-1.7.0.51\"\n \n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=dev-java/oracle-jre-bin-1.7.0.51\"\n \n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulation/emul-linux-x86-java-1.7.0.51\"\n \n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.", "published": "2014-01-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201401-30", "cvelist": ["CVE-2013-2418", "CVE-2012-5089", "CVE-2013-2431", "CVE-2013-2468", "CVE-2013-2420", "CVE-2013-5889", "CVE-2013-2384", "CVE-2013-2415", "CVE-2013-5848", "CVE-2012-1711", "CVE-2013-1491", "CVE-2013-1571", "CVE-2013-5782", "CVE-2013-5846", "CVE-2012-1541", "CVE-2013-2417", "CVE-2013-0402", "CVE-2013-5818", "CVE-2013-2433", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2416", "CVE-2013-2427", "CVE-2013-0401", "CVE-2012-5074", "CVE-2012-5073", "CVE-2012-1725", "CVE-2014-0385", "CVE-2013-2424", "CVE-2013-5878", "CVE-2013-5850", "CVE-2013-2407", "CVE-2012-1533", "CVE-2013-5778", "CVE-2013-2456", "CVE-2013-0448", "CVE-2014-0410", "CVE-2013-2436", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-1485", "CVE-2013-1479", "CVE-2013-2462", "CVE-2013-0169", "CVE-2014-0415", "CVE-2013-2414", "CVE-2012-1719", "CVE-2013-2394", "CVE-2011-3563", "CVE-2013-5870", "CVE-2013-2421", "CVE-2012-3159", "CVE-2013-1518", "CVE-2013-5776", "CVE-2012-5087", "CVE-2013-5788", "CVE-2013-5905", "CVE-2013-0809", "CVE-2013-5904", "CVE-2013-5888", "CVE-2013-2452", "CVE-2012-3342", "CVE-2013-2451", "CVE-2013-5893", "CVE-2013-5842", "CVE-2014-0387", "CVE-2012-5085", "CVE-2012-5076", "CVE-2013-5810", "CVE-2013-5830", "CVE-2013-2473", "CVE-2012-5079", "CVE-2012-4416", "CVE-2013-5898", "CVE-2012-0507", "CVE-2012-5075", "CVE-2013-1473", "CVE-2013-5832", "CVE-2012-3136", "CVE-2013-1488", "CVE-2013-5784", "CVE-2013-5809", "CVE-2013-5802", "CVE-2013-5851", "CVE-2014-0375", "CVE-2012-5081", "CVE-2012-5067", "CVE-2013-5817", "CVE-2012-0503", "CVE-2012-3174", "CVE-2011-5035", "CVE-2013-2419", "CVE-2012-1723", "CVE-2013-2463", "CVE-2013-1563", "CVE-2013-2469", "CVE-2013-5787", "CVE-2013-5852", "CVE-2012-1726", "CVE-2014-0418", "CVE-2013-0351", "CVE-2013-2465", "CVE-2014-0373", "CVE-2013-1537", "CVE-2013-3743", "CVE-2013-5854", "CVE-2012-0498", "CVE-2013-5806", "CVE-2013-5805", "CVE-2013-5887", "CVE-2012-0506", "CVE-2014-0408", "CVE-2013-5825", "CVE-2012-1717", "CVE-2012-1721", "CVE-2014-0376", "CVE-2013-2423", "CVE-2014-0422", "CVE-2013-5789", "CVE-2014-0411", "CVE-2013-2439", "CVE-2013-1561", "CVE-2013-5823", "CVE-2013-0409", "CVE-2013-5895", "CVE-2013-0438", "CVE-2012-1713", "CVE-2013-2461", "CVE-2012-1716", "CVE-2013-2428", "CVE-2012-5083", "CVE-2013-5843", "CVE-2012-5088", "CVE-2013-5899", "CVE-2013-2429", "CVE-2013-5812", "CVE-2013-5849", "CVE-2012-5086", "CVE-2013-5896", "CVE-2013-2471", "CVE-2012-0497", "CVE-2012-1532", "CVE-2012-5077", "CVE-2013-1486", "CVE-2014-0417", "CVE-2013-5780", "CVE-2013-5910", "CVE-2013-1487", "CVE-2013-5906", "CVE-2013-0430", "CVE-2013-0445", "CVE-2012-5069", "CVE-2014-0428", "CVE-2012-3216", "CVE-2014-0382", "CVE-2012-0505", "CVE-2013-5824", "CVE-2012-5084", "CVE-2013-5831", "CVE-2012-1718", "CVE-2013-2440", "CVE-2013-2434", "CVE-2013-2464", "CVE-2013-2458", "CVE-2012-3213", "CVE-2013-2459", "CVE-2012-5071", "CVE-2013-5814", "CVE-2013-2442", "CVE-2012-0499", "CVE-2012-0501", "CVE-2013-0446", "CVE-2013-2432", "CVE-2012-1722", "CVE-2014-0368", "CVE-2013-2443", "CVE-2014-0423", "CVE-2013-1481", "CVE-2013-5775", "CVE-2013-2446", "CVE-2012-0547", "CVE-2013-5829", "CVE-2013-5803", "CVE-2012-5072", "CVE-2013-2450", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-2438", "CVE-2013-1540", "CVE-2012-0500", "CVE-2013-2467", "CVE-2013-5907", "CVE-2013-1493", "CVE-2013-5902", "CVE-2012-1531", "CVE-2013-2444", "CVE-2013-3744", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-5844", "CVE-2013-0437", "CVE-2012-4681", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-1557", "CVE-2012-0504", "CVE-2013-2426", "CVE-2014-0424", "CVE-2013-2455", "CVE-2013-5819", "CVE-2013-2422", "CVE-2013-2435", "CVE-2013-2383", "CVE-2013-1484", "CVE-2013-1564", "CVE-2013-1558", "CVE-2013-5774", "CVE-2012-1724", "CVE-2013-0422", "CVE-2012-5068", "CVE-2014-0403", "CVE-2013-3829", "CVE-2012-1682", "CVE-2012-3143", "CVE-2012-0502", "CVE-2013-5783", "CVE-2013-5800", "CVE-2013-5820", "CVE-2013-2425", "CVE-2013-5777", "CVE-2013-5790", "CVE-2013-1569", "CVE-2013-5838", "CVE-2013-2412", "CVE-2013-0449", "CVE-2013-2445", "CVE-2013-2430", "CVE-2013-2460", "CVE-2013-5840", "CVE-2013-5801", "CVE-2014-0416", "CVE-2013-2449", "CVE-2013-2466", "CVE-2012-5070", "CVE-2013-5797", "CVE-2013-5804", "CVE-2013-0423", "CVE-2013-5772", "CVE-2013-0419"], "lastseen": "2016-09-06T19:46:14"}]}}
