ID 1337DAY-ID-21191 Type zdt Reporter GuHe Modified 2013-09-03T00:00:00
Description
Exploit for windows platform in category dos / poc
# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow
# Google Dork:
# Date: 2013-09-03
# Exploit Author: GuHe
# Vendor Homepage: http://www.oracle.com/
# Software Link: http://www.oracle.com/technetwork/java/javase/downloads/index.html
# Version: 7u21 and earlier
# Tested on: Windows 7
# CVE : CVE-2013-2470
CVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer overflow
1. Affected Software
JRE 7 update 21 and earlier
JRE 6 update 45 and earlier
2. Root cause analysis
The "Java_sun_awt_image_ImagingLib_lookupByteBI" function performs a byte
lookup operation on two BufferedImage objects.
In the following code:
    /* Mlib needs 16bit lookuptable and must be signed! */
    if (src->type == MLIB_SHORT) {
        unsigned short *sdataP = (unsigned short *) src->data;
        unsigned short *sP;
        if (dst->type == MLIB_BYTE) {
            unsigned char *cdataP = (unsigned char *) dst->data;
            unsigned char *cP;
            if (nbands > 1) {
                retStatus = 0;
            }
            else {
                int x, y;
                for (y=0; y < src->height; y++) {
                    cP = cdataP;
                    sP = sdataP;
                    for (x=0; x < src->width; x++) {
                        *cP++ = table[0][*sP++];
                    }

                    /*
                     * 4554571: increment pointers using the scanline stride
                     * in pixel units (not byte units)
                     */
                    cdataP += dstImageP->raster.scanlineStride;
                    sdataP += srcImageP->raster.scanlineStride;
                }
            }
        }
        /* How about ddata == null? */
    }
The loop maps data from the src raster to the dst raster. The total number
of bytes written to the dst raster buffer is (src->width) * (src->height).
However, the function does not correctly check the size of the dst buffer:
if the dst buffer is smaller than (src->width) * (src->height), it will be
overflowed.
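A bounds-checked form of the loop analysed above, as an added example: it is not part of the original advisory and is not Oracle's fix. The raster_t struct, its capacity field, and the names walk_extent, lookup_short_to_byte and demo are hypothetical; the sample pixels and lookup table are constructed. It goes slightly beyond the width * height figure in the text by also accounting for the scanline stride.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LUT_ENTRIES 65536u  /* one entry per possible unsigned short value */

/* Hypothetical, simplified raster descriptor; not the JDK's own structures. */
typedef struct {
    void  *data;      /* first pixel */
    size_t capacity;  /* elements allocated behind data */
    int    width;     /* pixels per row */
    int    height;    /* rows */
    int    stride;    /* scanline stride in pixel units */
} raster_t;

/* Elements touched when walking width x height pixels with this stride:
 * (height - 1) * stride + width. Returns 0 and sets *out on success,
 * -1 on invalid dimensions or arithmetic overflow. */
static int walk_extent(int width, int height, int stride, size_t *out)
{
    if (width <= 0 || height <= 0 || stride < width)
        return -1;
    size_t rows = (size_t)height - 1;
    if (rows != 0 && (size_t)stride > (SIZE_MAX - (size_t)width) / rows)
        return -1;
    *out = rows * (size_t)stride + (size_t)width;
    return 0;
}

/* Bounds-checked form of the SHORT -> BYTE lookup loop from the excerpt.
 * Returns 1 if the lookup ran, 0 if it was refused. */
int lookup_short_to_byte(const raster_t *src, const raster_t *dst,
                         const unsigned char *table, size_t table_len)
{
    size_t src_need, dst_need;

    if (!src || !dst || !table || !src->data || !dst->data)
        return 0;
    if (table_len < LUT_ENTRIES)   /* every 16-bit index must be in range */
        return 0;
    /* The loop bounds come from src, so both buffers are measured against
     * src->width x src->height, each with its own stride. */
    if (walk_extent(src->width, src->height, src->stride, &src_need) != 0 ||
        walk_extent(src->width, src->height, dst->stride, &dst_need) != 0)
        return 0;
    if (src_need > src->capacity || dst_need > dst->capacity)
        return 0;                  /* the size check the excerpt lacks */

    const unsigned short *sbase = src->data;
    unsigned char *dbase = dst->data;
    for (size_t y = 0; y < (size_t)src->height; y++) {
        const unsigned short *sP = sbase + y * (size_t)src->stride;
        unsigned char *cP = dbase + y * (size_t)dst->stride;
        for (size_t x = 0; x < (size_t)src->width; x++)
            cP[x] = table[sP[x]];
    }
    return 1;
}

static unsigned char g_table[LUT_ENTRIES];  /* constructed lookup table */

/* Constructed case: 4x4 source, destination declared as 4 x dst_rows.
 * Returns the number of correctly mapped pixels, -1 if the call was refused
 * with the destination untouched, -2 if it was refused but bytes changed. */
int demo(int dst_rows)
{
    unsigned short pix[16];
    unsigned char out[16];

    for (size_t i = 0; i < LUT_ENTRIES; i++)
        g_table[i] = (unsigned char)(255u - (i & 0xFFu));
    for (int i = 0; i < 16; i++)
        pix[i] = (unsigned short)(i * 1000);
    memset(out, 0xAA, sizeof out);

    raster_t src = { pix, 16, 4, 4, 4 };
    raster_t dst = { out, (size_t)dst_rows * 4, 4, dst_rows, 4 };
    if (!lookup_short_to_byte(&src, &dst, g_table, LUT_ENTRIES)) {
        for (size_t i = 0; i < sizeof out; i++)
            if (out[i] != 0xAA)
                return -2;
        return -1;
    }
    int ok = 0;
    for (int i = 0; i < 16; i++)
        ok += (out[i] == g_table[pix[i]]);
    return ok;
}

int main(void)
{
    printf("dst 4x2 (too small): %d\n", demo(2));
    printf("dst 4x4 (adequate):  %d\n", demo(4));
    return 0;
}
```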
3. Poc
See "TestByteBI.java" for the source code.
You can test the PoC by opening "HelloApplet.html" directly in a web
browser.
4. Tested on
JRE 7 update 21 on Windows 7 Enterprise
# 0day.today [2018-01-26] #
Production Release) 1.6.0_23 \n * Oracle JRE (Solaris Production Release) 1.6.0_24 \n * Oracle JRE (Solaris Production Release) 1.6.0_25 \n * Oracle JRE (Solaris Production Release) 1.6.0_26 \n * Oracle JRE (Solaris Production Release) 1.6.0_27 \n * Oracle JRE (Solaris Production Release) 1.6.0_28 \n * Oracle JRE (Solaris Production Release) 1.6.0_30 \n * Oracle JRE (Solaris Production Release) 1.6.0_32 \n * Oracle JRE (Solaris Production Release) 1.6.0_35 \n * Oracle JRE (Solaris Production Release) 1.7.0_2 \n * Oracle JRE (Solaris Production Release) 1.7.0_4 \n * Oracle JRE (Solaris Production Release) 1.7.0_7 \n * Oracle JRE (Windows Production Release) 1.5.0_36 \n * Oracle JRE (Windows Production Release) 1.5.0_38 \n * Oracle JRE (Windows Production Release) 1.5.0_45 \n * Oracle JRE (Windows Production Release) 1.6.0_22 \n * Oracle JRE (Windows Production Release) 1.6.0_23 \n * Oracle JRE (Windows Production Release) 1.6.0_24 \n * Oracle JRE (Windows Production Release) 1.6.0_25 \n * Oracle JRE (Windows Production Release) 1.6.0_26 \n * Oracle JRE (Windows Production Release) 1.6.0_27 \n * Oracle JRE (Windows Production Release) 1.6.0_28 \n * Oracle JRE (Windows Production Release) 1.6.0_30 \n * Oracle JRE (Windows Production Release) 1.6.0_32 \n * Oracle JRE (Windows Production Release) 1.6.0_35 \n * Oracle JRE (Windows Production Release) 1.6.0_45 \n * Oracle JRE (Windows Production Release) 1.7.0_2 \n * Oracle JRE (Windows Production Release) 1.7.0_21 \n * Oracle JRE (Windows Production Release) 1.7.0_4 \n * Oracle JRE (Windows Production Release) 1.7.0_7 \n * Oracle JRE(Linux Production Release) 1.5.0_41 \n * Oracle JRE(Linux Production Release) 1.5.0_45 \n * Oracle JRE(Linux Production Release) 1.6.0_38 \n * Oracle JRE(Linux Production Release) 1.6.0_43 \n * Oracle JRE(Linux Production Release) 1.6.0_45 \n * Oracle JRE(Linux Production Release) 1.7.0_10 \n * Oracle JRE(Linux Production Release) 1.7.0_11 \n * Oracle JRE(Linux Production Release) 1.7.0_17 \n 
* Oracle JRE(Linux Production Release) 1.7.0_8 \n * Oracle JRE(Linux Production Release) 1.7.0_9 \n * Oracle JRE(Solaris Production Release) 1.5.0_39 \n * Oracle JRE(Solaris Production Release) 1.5.0_41 \n * Oracle JRE(Solaris Production Release) 1.6.0_38 \n * Oracle JRE(Solaris Production Release) 1.6.0_39 \n * Oracle JRE(Solaris Production Release) 1.6.0_43 \n * Oracle JRE(Solaris Production Release) 1.6.0_45 \n * Oracle JRE(Solaris Production Release) 1.7.0_10 \n * Oracle JRE(Solaris Production Release) 1.7.0_11 \n * Oracle JRE(Solaris Production Release) 1.7.0_13 \n * Oracle JRE(Solaris Production Release) 1.7.0_17 \n * Oracle JRE(Solaris Production Release) 1.7.0_8 \n * Oracle JRE(Solaris Production Release) 1.7.0_9 \n * Oracle JRE(Windows Production Release) 1.5.0_39 \n * Oracle JRE(Windows Production Release) 1.5.0_41 \n * Oracle JRE(Windows Production Release) 1.6.0_38 \n * Oracle JRE(Windows Production Release) 1.6.0_39 \n * Oracle JRE(Windows Production Release) 1.6.0_43 \n * Oracle JRE(Windows Production Release) 1.7.0_10 \n * Oracle JRE(Windows Production Release) 1.7.0_11 \n * Oracle JRE(Windows Production Release) 1.7.0_12 \n * Oracle JRE(Windows Production Release) 1.7.0_13 \n * Oracle JRE(Windows Production Release) 1.7.0_17 \n * Oracle JRE(Windows Production Release) 1.7.0_8 \n * Oracle JRE(Windows Production Release) 1.7.0_9 \n * Redhat Enterprise Linux 5 Server \n * Redhat Enterprise Linux Desktop 5 Client \n * Redhat Enterprise Linux Desktop 6 \n * Redhat Enterprise Linux Desktop Optional 6 \n * Redhat Enterprise Linux Desktop Supplementary 5 Client \n * Redhat Enterprise Linux Desktop Supplementary 6 \n * Redhat Enterprise Linux HPC Node 6 \n * Redhat Enterprise Linux HPC Node Optional 6 \n * Redhat Enterprise Linux HPC Node Supplementary 6 \n * Redhat Enterprise Linux Server 6 \n * Redhat Enterprise Linux Server AUS 6.5 \n * Redhat Enterprise Linux Server EUS 6.5.z \n * Redhat Enterprise Linux Server Optional 6 \n * Redhat Enterprise Linux 
Server Supplementary 6 \n * Redhat Enterprise Linux Supplementary 5 Server \n * Redhat Enterprise Linux Workstation 6 \n * Redhat Enterprise Linux Workstation Optional 6 \n * Redhat Enterprise Linux Workstation Supplementary 6 \n * Redhat Network Satellite (for RHEL 5) 5.5 \n * Redhat Network Satellite (for RHEL 6) 5.5 \n * Schneider-Electric Trio TView Software 3.27.0 \n * SuSE CORE 9 \n * SuSE SUSE CORE 9 for x86 \n * SuSE SUSE Linux Enterprise Java 10 SP4 \n * SuSE SUSE Linux Enterprise Java 11 SP3 \n * SuSE SUSE Linux Enterprise Server 10 SP3 LTSS \n * SuSE SUSE Linux Enterprise Server 10 SP4 \n * SuSE SUSE Linux Enterprise Server 11 SP3 \n * SuSE SUSE Linux Enterprise Server 11 SP3 for VMware \n * SuSE SUSE Linux Enterprise Software Development Kit 11 SP3 \n * SuSE Suse Linux Enterprise Desktop 10 SP4 \n * SuSE Suse Linux Enterprise Desktop 11 SP2 \n * SuSE Suse Linux Enterprise Desktop 11 SP3 \n * SuSE openSUSE 11.4 \n * Sun JDK (Linux Production Release) 1.5.0 07 \n * Sun JDK (Linux Production Release) 1.5.0 22 \n * Sun JDK (Linux Production Release) 1.5.0 .0 05 \n * Sun JDK (Linux Production Release) 1.5.0 0 10 \n * Sun JDK (Linux Production Release) 1.5.0 01 \n * Sun JDK (Linux Production Release) 1.5.0 02 \n * Sun JDK (Linux Production Release) 1.5.0 06 \n * Sun JDK (Linux Production Release) 1.5.0 07-B03 \n * Sun JDK (Linux Production Release) 1.5.0 11-B03 \n * Sun JDK (Linux Production Release) 1.5.0 13 \n * Sun JDK (Linux Production Release) 1.5.0 14 \n * Sun JDK (Linux Production Release) 1.5.0 15 \n * Sun JDK (Linux Production Release) 1.5.0 16 \n * Sun JDK (Linux Production Release) 1.5.0 17 \n * Sun JDK (Linux Production Release) 1.5.0 18 \n * Sun JDK (Linux Production Release) 1.5.0 20 \n * Sun JDK (Linux Production Release) 1.5.0 23 \n * Sun JDK (Linux Production Release) 1.5.0 24 \n * Sun JDK (Linux Production Release) 1.5.0 \n * Sun JDK (Linux Production Release) 1.5.0.0 03 \n * Sun JDK (Linux Production Release) 1.5.0.0 04 \n * Sun JDK (Linux 
Production Release) 1.5.0.0 08 \n * Sun JDK (Linux Production Release) 1.5.0.0 09 \n * Sun JDK (Linux Production Release) 1.5.0.0 11 \n * Sun JDK (Linux Production Release) 1.5.0.0 12 \n * Sun JDK (Linux Production Release) 1.5.0_25 \n * Sun JDK (Linux Production Release) 1.5.0_26 \n * Sun JDK (Linux Production Release) 1.5.0_27 \n * Sun JDK (Linux Production Release) 1.5.0_28 \n * Sun JDK (Linux Production Release) 1.5.0_29 \n * Sun JDK (Linux Production Release) 1.5.0_30 \n * Sun JDK (Linux Production Release) 1.5.0_31 \n * Sun JDK (Linux Production Release) 1.5.0_32 \n * Sun JDK (Linux Production Release) 1.5.0_33 \n * Sun JDK (Linux Production Release) 1.5.0_35 \n * Sun JDK (Linux Production Release) 1.6.0 17 \n * Sun JDK (Linux Production Release) 1.6.0 01 \n * Sun JDK (Linux Production Release) 1.6.0 01-B06 \n * Sun JDK (Linux Production Release) 1.6.0 02 \n * Sun JDK (Linux Production Release) 1.6.0 03 \n * Sun JDK (Linux Production Release) 1.6.0 04 \n * Sun JDK (Linux Production Release) 1.6.0 05 \n * Sun JDK (Linux Production Release) 1.6.0 06 \n * Sun JDK (Linux Production Release) 1.6.0 07 \n * Sun JDK (Linux Production Release) 1.6.0 10 \n * Sun JDK (Linux Production Release) 1.6.0 11 \n * Sun JDK (Linux Production Release) 1.6.0 13 \n * Sun JDK (Linux Production Release) 1.6.0 14 \n * Sun JDK (Linux Production Release) 1.6.0 15 \n * Sun JDK (Linux Production Release) 1.6.0 18 \n * Sun JDK (Linux Production Release) 1.6.0 19 \n * Sun JDK (Linux Production Release) 1.6.0 20 \n * Sun JDK (Linux Production Release) 1.6.0 \n * Sun JDK (Linux Production Release) 1.6.0_21 \n * Sun JDK (Solaris Production Release) 1.5.0 22 \n * Sun JDK (Solaris Production Release) 1.5.0 .0 03 \n * Sun JDK (Solaris Production Release) 1.5.0 .0 04 \n * Sun JDK (Solaris Production Release) 1.5.0 .0 05 \n * Sun JDK (Solaris Production Release) 1.5.0 0 03 \n * Sun JDK (Solaris Production Release) 1.5.0 0 09 \n * Sun JDK (Solaris Production Release) 1.5.0 0 10 \n * Sun JDK (Solaris 
Production Release) 1.5.0 01 \n * Sun JDK (Solaris Production Release) 1.5.0 02 \n * Sun JDK (Solaris Production Release) 1.5.0 06 \n * Sun JDK (Solaris Production Release) 1.5.0 07-B03 \n * Sun JDK (Solaris Production Release) 1.5.0 11 \n * Sun JDK (Solaris Production Release) 1.5.0 11-B03 \n * Sun JDK (Solaris Production Release) 1.5.0 12 \n * Sun JDK (Solaris Production Release) 1.5.0 13 \n * Sun JDK (Solaris Production Release) 1.5.0 14 \n * Sun JDK (Solaris Production Release) 1.5.0 15 \n * Sun JDK (Solaris Production Release) 1.5.0 16 \n * Sun JDK (Solaris Production Release) 1.5.0 17 \n * Sun JDK (Solaris Production Release) 1.5.0 18 \n * Sun JDK (Solaris Production Release) 1.5.0 20 \n * Sun JDK (Solaris Production Release) 1.5.0 23 \n * Sun JDK (Solaris Production Release) 1.5.0 24 \n * Sun JDK (Solaris Production Release) 1.5.0_25 \n * Sun JDK (Solaris Production Release) 1.5.0_26 \n * Sun JDK (Solaris Production Release) 1.5.0_27 \n * Sun JDK (Solaris Production Release) 1.5.0_28 \n * Sun JDK (Solaris Production Release) 1.5.0_29 \n * Sun JDK (Solaris Production Release) 1.5.0_30 \n * Sun JDK (Solaris Production Release) 1.5.0_31 \n * Sun JDK (Solaris Production Release) 1.5.0_32 \n * Sun JDK (Solaris Production Release) 1.5.0_33 \n * Sun JDK (Solaris Production Release) 1.5.0_35 \n * Sun JDK (Solaris Production Release) 1.6.0 17 \n * Sun JDK (Solaris Production Release) 1.6.0 01 \n * Sun JDK (Solaris Production Release) 1.6.0 01-B06 \n * Sun JDK (Solaris Production Release) 1.6.0 02 \n * Sun JDK (Solaris Production Release) 1.6.0 03 \n * Sun JDK (Solaris Production Release) 1.6.0 04 \n * Sun JDK (Solaris Production Release) 1.6.0 05 \n * Sun JDK (Solaris Production Release) 1.6.0 06 \n * Sun JDK (Solaris Production Release) 1.6.0 07 \n * Sun JDK (Solaris Production Release) 1.6.0 10 \n * Sun JDK (Solaris Production Release) 1.6.0 11 \n * Sun JDK (Solaris Production Release) 1.6.0 13 \n * Sun JDK (Solaris Production Release) 1.6.0 14 \n * Sun JDK 
(Solaris Production Release) 1.6.0 15 \n * Sun JDK (Solaris Production Release) 1.6.0 18 \n * Sun JDK (Solaris Production Release) 1.6.0 19 \n * Sun JDK (Solaris Production Release) 1.6.0 20 \n * Sun JDK (Solaris Production Release) 1.6.0 \n * Sun JDK (Solaris Production Release) 1.6.0_21 \n * Sun JDK (Windows Production Release) 1.5.0 .0 03 \n * Sun JDK (Windows Production Release) 1.5.0 .0 04 \n * Sun JDK (Windows Production Release) 1.5.0 .0 05 \n * Sun JDK (Windows Production Release) 1.5.0 0 10 \n * Sun JDK (Windows Production Release) 1.5.0 01 \n * Sun JDK (Windows Production Release) 1.5.0 02 \n * Sun JDK (Windows Production Release) 1.5.0 07-B03 \n * Sun JDK (Windows Production Release) 1.5.0 11-B03 \n * Sun JDK (Windows Production Release) 1.5.0 12 \n * Sun JDK (Windows Production Release) 1.5.0 13 \n * Sun JDK (Windows Production Release) 1.5.0 14 \n * Sun JDK (Windows Production Release) 1.5.0 15 \n * Sun JDK (Windows Production Release) 1.5.0 16 \n * Sun JDK (Windows Production Release) 1.5.0 17 \n * Sun JDK (Windows Production Release) 1.5.0 18 \n * Sun JDK (Windows Production Release) 1.5.0 20 \n * Sun JDK (Windows Production Release) 1.5.0 22 \n * Sun JDK (Windows Production Release) 1.5.0 23 \n * Sun JDK (Windows Production Release) 1.5.0 24 \n * Sun JDK (Windows Production Release) 1.5.0.0 06 \n * Sun JDK (Windows Production Release) 1.5.0.0 08 \n * Sun JDK (Windows Production Release) 1.5.0.0 09 \n * Sun JDK (Windows Production Release) 1.5.0.0 11 \n * Sun JDK (Windows Production Release) 1.5.0.0 12 \n * Sun JDK (Windows Production Release) 1.5.0_25 \n * Sun JDK (Windows Production Release) 1.5.0_26 \n * Sun JDK (Windows Production Release) 1.5.0_27 \n * Sun JDK (Windows Production Release) 1.5.0_28 \n * Sun JDK (Windows Production Release) 1.5.0_29 \n * Sun JDK (Windows Production Release) 1.5.0_30 \n * Sun JDK (Windows Production Release) 1.5.0_31 \n * Sun JDK (Windows Production Release) 1.5.0_32 \n * Sun JDK (Windows Production Release) 
1.5.0_33 \n * Sun JDK (Windows Production Release) 1.5.0_35 \n * Sun JDK (Windows Production Release) 1.6.0 17 \n * Sun JDK (Windows Production Release) 1.6.0 01 \n * Sun JDK (Windows Production Release) 1.6.0 01-B06 \n * Sun JDK (Windows Production Release) 1.6.0 02 \n * Sun JDK (Windows Production Release) 1.6.0 03 \n * Sun JDK (Windows Production Release) 1.6.0 04 \n * Sun JDK (Windows Production Release) 1.6.0 05 \n * Sun JDK (Windows Production Release) 1.6.0 06 \n * Sun JDK (Windows Production Release) 1.6.0 07 \n * Sun JDK (Windows Production Release) 1.6.0 10 \n * Sun JDK (Windows Production Release) 1.6.0 11 \n * Sun JDK (Windows Production Release) 1.6.0 13 \n * Sun JDK (Windows Production Release) 1.6.0 14 \n * Sun JDK (Windows Production Release) 1.6.0 15 \n * Sun JDK (Windows Production Release) 1.6.0 18 \n * Sun JDK (Windows Production Release) 1.6.0 19 \n * Sun JDK (Windows Production Release) 1.6.0 20 \n * Sun JDK (Windows Production Release) 1.6.0 \n * Sun JDK (Windows Production Release) 1.6.0_21 \n * Sun JRE (Linux Production Release) 1.5.0 22 \n * Sun JRE (Linux Production Release) 1.5.0 .0 Beta \n * Sun JRE (Linux Production Release) 1.5.0 01 \n * Sun JRE (Linux Production Release) 1.5.0 02 \n * Sun JRE (Linux Production Release) 1.5.0 03 \n * Sun JRE (Linux Production Release) 1.5.0 04 \n * Sun JRE (Linux Production Release) 1.5.0 05 \n * Sun JRE (Linux Production Release) 1.5.0 06 \n * Sun JRE (Linux Production Release) 1.5.0 07 \n * Sun JRE (Linux Production Release) 1.5.0 08 \n * Sun JRE (Linux Production Release) 1.5.0 09 \n * Sun JRE (Linux Production Release) 1.5.0 10 \n * Sun JRE (Linux Production Release) 1.5.0 11 \n * Sun JRE (Linux Production Release) 1.5.0 12 \n * Sun JRE (Linux Production Release) 1.5.0 13 \n * Sun JRE (Linux Production Release) 1.5.0 14 \n * Sun JRE (Linux Production Release) 1.5.0 15 \n * Sun JRE (Linux Production Release) 1.5.0 16 \n * Sun JRE (Linux Production Release) 1.5.0 17 \n * Sun JRE (Linux Production 
Release) 1.5.0 18 \n * Sun JRE (Linux Production Release) 1.5.0 20 \n * Sun JRE (Linux Production Release) 1.5.0 23 \n * Sun JRE (Linux Production Release) 1.5.0 \n * Sun JRE (Linux Production Release) 1.5.0_25 \n * Sun JRE (Linux Production Release) 1.5.0_26 \n * Sun JRE (Linux Production Release) 1.5.0_27 \n * Sun JRE (Linux Production Release) 1.5.0_28 \n * Sun JRE (Linux Production Release) 1.5.0_29 \n * Sun JRE (Linux Production Release) 1.5.0_30 \n * Sun JRE (Linux Production Release) 1.5.0_31 \n * Sun JRE (Linux Production Release) 1.5.0_32 \n * Sun JRE (Linux Production Release) 1.5.0_33 \n * Sun JRE (Linux Production Release) 1.5.0_35 \n * Sun JRE (Linux Production Release) 1.6.0 17 \n * Sun JRE (Linux Production Release) 1.6.0 01 \n * Sun JRE (Linux Production Release) 1.6.0 02 \n * Sun JRE (Linux Production Release) 1.6.0 03 \n * Sun JRE (Linux Production Release) 1.6.0 04 \n * Sun JRE (Linux Production Release) 1.6.0 05 \n * Sun JRE (Linux Production Release) 1.6.0 06 \n * Sun JRE (Linux Production Release) 1.6.0 07 \n * Sun JRE (Linux Production Release) 1.6.0 10 \n * Sun JRE (Linux Production Release) 1.6.0 11 \n * Sun JRE (Linux Production Release) 1.6.0 12 \n * Sun JRE (Linux Production Release) 1.6.0 13 \n * Sun JRE (Linux Production Release) 1.6.0 14 \n * Sun JRE (Linux Production Release) 1.6.0 15 \n * Sun JRE (Linux Production Release) 1.6.0 18 \n * Sun JRE (Linux Production Release) 1.6.0 19 \n * Sun JRE (Linux Production Release) 1.6.0 20 \n * Sun JRE (Linux Production Release) 1.6.0 \n * Sun JRE (Linux Production Release) 1.6.0_21 \n * Sun JRE (Linux Production Release) 1.7 \n * Sun JRE (Solaris Production Release) 1.5.0 01 \n * Sun JRE (Solaris Production Release) 1.5.0 22 \n * Sun JRE (Solaris Production Release) 1.5.0 02 \n * Sun JRE (Solaris Production Release) 1.5.0 03 \n * Sun JRE (Solaris Production Release) 1.5.0 04 \n * Sun JRE (Solaris Production Release) 1.5.0 05 \n * Sun JRE (Solaris Production Release) 1.5.0 06 \n * Sun JRE 
(Solaris Production Release) 1.5.0 10 \n * Sun JRE (Solaris Production Release) 1.5.0 11 \n * Sun JRE (Solaris Production Release) 1.5.0 12 \n * Sun JRE (Solaris Production Release) 1.5.0 13 \n * Sun JRE (Solaris Production Release) 1.5.0 14 \n * Sun JRE (Solaris Production Release) 1.5.0 15 \n * Sun JRE (Solaris Production Release) 1.5.0 16 \n * Sun JRE (Solaris Production Release) 1.5.0 17 \n * Sun JRE (Solaris Production Release) 1.5.0 18 \n * Sun JRE (Solaris Production Release) 1.5.0 20 \n * Sun JRE (Solaris Production Release) 1.5.0 23 \n * Sun JRE (Solaris Production Release) 1.5.0 \n * Sun JRE (Solaris Production Release) 1.5.0.0 07 \n * Sun JRE (Solaris Production Release) 1.5.0.0 08 \n * Sun JRE (Solaris Production Release) 1.5.0.0 09 \n * Sun JRE (Solaris Production Release) 1.5.0_25 \n * Sun JRE (Solaris Production Release) 1.5.0_26 \n * Sun JRE (Solaris Production Release) 1.5.0_27 \n * Sun JRE (Solaris Production Release) 1.5.0_28 \n * Sun JRE (Solaris Production Release) 1.5.0_29 \n * Sun JRE (Solaris Production Release) 1.5.0_30 \n * Sun JRE (Solaris Production Release) 1.5.0_31 \n * Sun JRE (Solaris Production Release) 1.5.0_32 \n * Sun JRE (Solaris Production Release) 1.5.0_33 \n * Sun JRE (Solaris Production Release) 1.5.0_35 \n * Sun JRE (Solaris Production Release) 1.6.0 17 \n * Sun JRE (Solaris Production Release) 1.6.0 01 \n * Sun JRE (Solaris Production Release) 1.6.0 02 \n * Sun JRE (Solaris Production Release) 1.6.0 03 \n * Sun JRE (Solaris Production Release) 1.6.0 04 \n * Sun JRE (Solaris Production Release) 1.6.0 05 \n * Sun JRE (Solaris Production Release) 1.6.0 06 \n * Sun JRE (Solaris Production Release) 1.6.0 07 \n * Sun JRE (Solaris Production Release) 1.6.0 10 \n * Sun JRE (Solaris Production Release) 1.6.0 11 \n * Sun JRE (Solaris Production Release) 1.6.0 12 \n * Sun JRE (Solaris Production Release) 1.6.0 13 \n * Sun JRE (Solaris Production Release) 1.6.0 14 \n * Sun JRE (Solaris Production Release) 1.6.0 15 \n * Sun JRE 
(Solaris Production Release) 1.6.0 18 \n * Sun JRE (Solaris Production Release) 1.6.0 19 \n * Sun JRE (Solaris Production Release) 1.6.0 2 \n * Sun JRE (Solaris Production Release) 1.6.0 \n * Sun JRE (Solaris Production Release) 1.6.0_21 \n * Sun JRE (Solaris Production Release) 1.7 \n * Sun JRE (Windows Production Release) 1.5.0 22 \n * Sun JRE (Windows Production Release) 1.5.0 01 \n * Sun JRE (Windows Production Release) 1.5.0 02 \n * Sun JRE (Windows Production Release) 1.5.0 03 \n * Sun JRE (Windows Production Release) 1.5.0 04 \n * Sun JRE (Windows Production Release) 1.5.0 05 \n * Sun JRE (Windows Production Release) 1.5.0 06 \n * Sun JRE (Windows Production Release) 1.5.0 10 \n * Sun JRE (Windows Production Release) 1.5.0 11 \n * Sun JRE (Windows Production Release) 1.5.0 12 \n * Sun JRE (Windows Production Release) 1.5.0 13 \n * Sun JRE (Windows Production Release) 1.5.0 14 \n * Sun JRE (Windows Production Release) 1.5.0 15 \n * Sun JRE (Windows Production Release) 1.5.0 16 \n * Sun JRE (Windows Production Release) 1.5.0 17 \n * Sun JRE (Windows Production Release) 1.5.0 18 \n * Sun JRE (Windows Production Release) 1.5.0 20 \n * Sun JRE (Windows Production Release) 1.5.0 23 \n * Sun JRE (Windows Production Release) 1.5.0 \n * Sun JRE (Windows Production Release) 1.5.0.0 07 \n * Sun JRE (Windows Production Release) 1.5.0.0 08 \n * Sun JRE (Windows Production Release) 1.5.0.0 09 \n * Sun JRE (Windows Production Release) 1.5.0_25 \n * Sun JRE (Windows Production Release) 1.5.0_26 \n * Sun JRE (Windows Production Release) 1.5.0_27 \n * Sun JRE (Windows Production Release) 1.5.0_28 \n * Sun JRE (Windows Production Release) 1.5.0_29 \n * Sun JRE (Windows Production Release) 1.5.0_30 \n * Sun JRE (Windows Production Release) 1.5.0_31 \n * Sun JRE (Windows Production Release) 1.5.0_32 \n * Sun JRE (Windows Production Release) 1.5.0_33 \n * Sun JRE (Windows Production Release) 1.5.0_35 \n * Sun JRE (Windows Production Release) 1.6.0 17 \n * Sun JRE (Windows 
Production Release) 1.6.0 01 \n * Sun JRE (Windows Production Release) 1.6.0 02 \n * Sun JRE (Windows Production Release) 1.6.0 03 \n * Sun JRE (Windows Production Release) 1.6.0 04 \n * Sun JRE (Windows Production Release) 1.6.0 05 \n * Sun JRE (Windows Production Release) 1.6.0 06 \n * Sun JRE (Windows Production Release) 1.6.0 07 \n * Sun JRE (Windows Production Release) 1.6.0 10 \n * Sun JRE (Windows Production Release) 1.6.0 11 \n * Sun JRE (Windows Production Release) 1.6.0 12 \n * Sun JRE (Windows Production Release) 1.6.0 13 \n * Sun JRE (Windows Production Release) 1.6.0 14 \n * Sun JRE (Windows Production Release) 1.6.0 15 \n * Sun JRE (Windows Production Release) 1.6.0 18 \n * Sun JRE (Windows Production Release) 1.6.0 19 \n * Sun JRE (Windows Production Release) 1.6.0 2 \n * Sun JRE (Windows Production Release) 1.6.0 20 \n * Sun JRE (Windows Production Release) 1.6.0 \n * Sun JRE (Windows Production Release) 1.6.0_21 \n * Sun JRE (Windows Production Release) 1.7 \n * Ubuntu Ubuntu Linux 10.04 LTS \n * Ubuntu Ubuntu Linux 12.04 LTS \n * Xerox FreeFlow Print Server (FFPS) 73.C5.11 \n * Xerox FreeFlow Print Server (FFPS) 73.D2.33 \n * Xerox FreeFlow Print Server (FFPS) 81.D0.73 \n * Xerox FreeFlow Print Server (FFPS) 82.D1.44 \n * Xerox FreeFlow Print Server (FFPS) 91.D2.32 \n * Xerox FreeFlow Print Server (FFPS) 93.E0.21C \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. 
This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Set web browser security to disable the execution of script code or active content.** \nDisabling the execution of script code in the browser may limit exposure to this and other latent vulnerabilities.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as non-executable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of latent vulnerabilities, configure applications to run as a nonadministrative user with minimal access rights.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2013-06-18T00:00:00", "published": "2013-06-18T00:00:00", "id": "SMNTC-60651", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/60651", "type": "symantec", "title": "Oracle Java SE CVE-2013-2470 Memory Corruption Vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:01:30", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2470"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-81632", "id": "SSV:81632", "sourceData": "\n # Exploit Title: Oracle Java lookupByteBI function heap buffer overflow\r\n# Google Dork:\r\n# Date: 2013-09-03\r\n# Exploit Author: GuHe\r\n# Vendor Homepage: http://www.oracle.com/\r\n# Software Link:\r\nhttp://www.oracle.com/technetwork/java/javase/downloads/index.html\r\n# Version: 7u21 and earlier\r\n# Tested on: Windows 7\r\n# CVE : CVE-2013-2470\r\n\r\nPoC: http://www.exploit-db.com/sploits/28050.zip\r\n\r\n\r\nCVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer\r\noverflow\r\n\r\n\r\n1. Affected Software\r\nJRE 7 update 21 and earlier\r\nJRE 6 update 45 and earlier\r\n\r\n\r\n2. Root cause analysis\r\n\r\nThe \"Java_sun_awt_image_ImagingLib_lookupByteBI\" performs byte lookup\r\noperation on two BufferedImage.\r\n\r\nIn the following code:\r\n\r\n /* Mlib needs 16bit lookuptable and must be signed! 
*/\r\n if (src->type == MLIB_SHORT) {\r\n unsigned short *sdataP = (unsigned short *) src->data;\r\n unsigned short *sP;\r\n if (dst->type == MLIB_BYTE) {\r\n unsigned char *cdataP = (unsigned char *) dst->data;\r\n unsigned char *cP;\r\n if (nbands > 1) {\r\n retStatus = 0;\r\n }\r\n else {\r\n int x, y;\r\n for (y=0; y < src->height; y++) {\r\n cP = cdataP;\r\n sP = sdataP;\r\n for (x=0; x < src->width; x++) {\r\n *cP++ = table[0][*sP++];\r\n }\r\n\r\n /*\r\n * 4554571: increment pointers using the scanline stride\r\n * in pixel units (not byte units)\r\n */\r\n cdataP += dstImageP->raster.scanlineStride;\r\n sdataP += srcImageP->raster.scanlineStride;\r\n }\r\n }\r\n }\r\n /* How about ddata == null? */\r\n }\r\n\r\nIt tries to map data in src raster to the dst raster. The total bytes\r\nwritten to dst raster buffer is:\r\n(src->width) * (src->height). However, it does not correctly check the size\r\nof the dst buffer, if the size of the\r\ndst buffer is smaller than (src->width) * (src->height), it will be\r\noverflowed.\r\n\r\n\r\n3. Poc\r\nSee \"TestByteBI.java\" for the source code.\r\nAnd you can test the poc by directly opening the \"HelloApplet.html\" in a web\r\nbrowser.\r\n\r\n\r\n4. 
Tested on\r\nJRE 7 update 21 on Windows 7 Enterprise\n ", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-81632"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:39", "description": "\nOracle Java lookUpByteBI - Heap Buffer Overflow", "edition": 1, "published": "2013-09-03T00:00:00", "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2470"], "modified": "2013-09-03T00:00:00", "id": "EXPLOITPACK:BC947F589F8954E3EC30A687251D828E", "href": "", "sourceData": "# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow\n# Google Dork:\n# Date: 2013-09-03\n# Exploit Author: GuHe\n# Vendor Homepage: http://www.oracle.com/\n# Software Link:\nhttp://www.oracle.com/technetwork/java/javase/downloads/index.html\n# Version: 7u21 and earlier\n# Tested on: Windows 7\n# CVE : CVE-2013-2470\n\nPoC: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/28050.zip\n\n\nCVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer\noverflow\n\n\n1. Affected Software\nJRE 7 update 21 and earlier\nJRE 6 update 45 and earlier\n\n\n2. Root cause analysis\n\nThe \"Java_sun_awt_image_ImagingLib_lookupByteBI\" performs byte lookup\noperation on two BufferedImage.\n\nIn the following code:\n\n /* Mlib needs 16bit lookuptable and must be signed! 
*/\n if (src->type == MLIB_SHORT) {\n unsigned short *sdataP = (unsigned short *) src->data;\n unsigned short *sP;\n if (dst->type == MLIB_BYTE) {\n unsigned char *cdataP = (unsigned char *) dst->data;\n unsigned char *cP;\n if (nbands > 1) {\n retStatus = 0;\n }\n else {\n int x, y;\n for (y=0; y < src->height; y++) {\n cP = cdataP;\n sP = sdataP;\n for (x=0; x < src->width; x++) {\n *cP++ = table[0][*sP++];\n }\n\n /*\n * 4554571: increment pointers using the scanline stride\n * in pixel units (not byte units)\n */\n cdataP += dstImageP->raster.scanlineStride;\n sdataP += srcImageP->raster.scanlineStride;\n }\n }\n }\n /* How about ddata == null? */\n }\n\nIt tries to map data in src raster to the dst raster. The total bytes\nwritten to dst raster buffer is:\n(src->width) * (src->height). However, it does not correctly check the size\nof the dst buffer, if the size of the\ndst buffer is smaller than (src->width) * (src->height), it will be\noverflowed.\n\n\n3. Poc\nSee \"TestByteBI.java\" for the source code.\nAnd you can test the poc by directly opening the \"HelloApplet.html\" in a web\nbrowser.\n\n\n4. Tested on\nJRE 7 update 21 on Windows 7 Enterprise", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-03T07:19:22", "description": "Oracle Java lookUpByteBI - Heap Buffer Overflow. CVE-2013-2470. 
Dos exploit for windows platform", "published": "2013-09-03T00:00:00", "type": "exploitdb", "title": "Oracle Java lookUpByteBI - Heap Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-2470"], "modified": "2013-09-03T00:00:00", "id": "EDB-ID:28050", "href": "https://www.exploit-db.com/exploits/28050/", "sourceData": "# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow\r\n# Google Dork:\r\n# Date: 2013-09-03\r\n# Exploit Author: GuHe\r\n# Vendor Homepage: http://www.oracle.com/\r\n# Software Link:\r\nhttp://www.oracle.com/technetwork/java/javase/downloads/index.html\r\n# Version: 7u21 and eariler\r\n# Tested on: Windows 7\r\n# CVE : CVE-2013-2470\r\n\r\nPoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28050.zip\r\n\r\n\r\nCVE-2013-2470 - Java_sun_awt_image_ImagingLib_lookupByteBI heap buffer\r\noverflow\r\n\r\n\r\n1. Affected Software\r\nJRE 7 update 21 and earlier\r\nJRE 6 update 45 and earlier\r\n\r\n\r\n2. Root cause analysis\r\n\r\nThe \"Java_sun_awt_image_ImagingLib_lookupByteBI\" performs byte lookup\r\noperation on two BufferedImage.\r\n\r\nIn the following code:\r\n\r\n /* Mlib needs 16bit lookuptable and must be signed! */\r\n if (src->type == MLIB_SHORT) {\r\n unsigned short *sdataP = (unsigned short *) src->data;\r\n unsigned short *sP;\r\n if (dst->type == MLIB_BYTE) {\r\n unsigned char *cdataP = (unsigned char *) dst->data;\r\n unsigned char *cP;\r\n if (nbands > 1) {\r\n retStatus = 0;\r\n }\r\n else {\r\n int x, y;\r\n for (y=0; y < src->height; y++) {\r\n cP = cdataP;\r\n sP = sdataP;\r\n for (x=0; x < src->width; x++) {\r\n *cP++ = table[0][*sP++];\r\n }\r\n\r\n /*\r\n * 4554571: increment pointers using the scanline stride\r\n * in pixel units (not byte units)\r\n */\r\n cdataP += dstImageP->raster.scanlineStride;\r\n sdataP += srcImageP->raster.scanlineStride;\r\n }\r\n }\r\n }\r\n /* How about ddata == null? 
*/\r\n }\r\n\r\nIt tries to map data in src raster to the dst raster. The total bytes\r\nwritten to dst rater buffer is:\r\n(src->width) * (src->height). However, it does not correctly check the size\r\nof the dst buffer, if the size of the\r\ndst buffer is smaller than (src->width) * (src->height), it will be\r\noverflowed.\r\n\r\n\r\n3. Poc\r\nSee \"TestByteBI.java\" for the source code.\r\nAnd you can test the poc by directly open the \"HelloApplet.html\" in a web\r\nbrowser.\r\n\r\n\r\n4. Tested on\r\nJRE 7 update 21 on Windows 7 Enterprise", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/28050/"}], "zdi": [{"lastseen": "2020-06-22T11:41:21", "bulletinFamily": "info", "cvelist": ["CVE-2013-2470"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific vulnerability is an array indexing flaw inside the Java AWT imaging library allowing for memory corruption. 
An attacker could leverage this vulnerability into remote execution of arbitrary code as the current user.", "modified": "2013-06-22T00:00:00", "published": "2013-06-27T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-13-158/", "id": "ZDI-13-158", "title": "Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T15:15:07", "description": "IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security\nissues.\n\nPlease see also http://www.ibm.com/developerworks/java/jdk/alerts/\n\nAlso the following bug has been fixed :\n\n - mark files in jre/bin and bin/ as executable\n (bnc#823034)", "edition": 15, "published": "2013-07-28T00:00:00", "title": "SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "modified": "2013-07-28T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-8652.NASL", "href": "https://www.tenable.com/plugins/nessus/69092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69092);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2456\", \"CVE-2013-2459\", \"CVE-2013-2463\", 
\"CVE-2013-2464\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\", \"CVE-2013-3009\", \"CVE-2013-3011\", \"CVE-2013-3012\");\n\n script_name(english:\"SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security\nissues.\n\nPlease see also http://www.ibm.com/developerworks/java/jdk/alerts/\n\nAlso the following bug has been fixed :\n\n - mark files in jre/bin and bin/ as executable\n (bnc#823034)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2464.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2013-2465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8652.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_4_2-ibm-1.4.2_sr13.18-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.18-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.7.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-01-20T14:38:53", "description": "IBM Java 1.4.2 was updated to SR13-FP18 to fix bugs and security\nissues.\n\nPlease see also http://www.ibm.com/developerworks/java/jdk/alerts/\n\nAlso the following bug has been fixed :\n\n - mark files in jre/bin and bin/ as executable\n (bnc#823034)", "edition": 17, "published": "2013-07-28T00:00:00", "title": "SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "modified": "2013-07-28T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin", "p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm"], "id": "SUSE_11_JAVA-1_4_2-IBM-130723.NASL", "href": "https://www.tenable.com/plugins/nessus/69090", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69090);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2456\", \"CVE-2013-2459\", \"CVE-2013-2463\", \"CVE-2013-2464\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\", \"CVE-2013-3009\", \"CVE-2013-3011\", \"CVE-2013-3012\");\n\n script_name(english:\"SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to SR13-FP18 to fix bugs and security\nissues.\n\nPlease see also http://www.ibm.com/developerworks/java/jdk/alerts/\n\nAlso the following bug has been fixed :\n\n - mark files in jre/bin and bin/ as executable\n (bnc#823034)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=823034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2013-2450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2464.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-3012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8109.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_4_2-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif 
(isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:2, reference:\"java-1_4_2-ibm-1.4.2_sr13.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-jdbc-1.4.2_sr13.18-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:2, cpu:\"i586\", reference:\"java-1_4_2-ibm-plugin-1.4.2_sr13.18-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:46", "description": "Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. 
An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. 
If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and\nTim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 24, "published": "2013-07-05T00:00:00", "title": "CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "modified": "2013-07-05T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:java-1.6.0-openjdk", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-src", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo", "p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-1014.NASL", "href": 
"https://www.tenable.com/plugins/nessus/67183", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1014 and \n# CentOS Errata and Security Advisory 2013:1014 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67183);\n script_version(\"1.30\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n script_bugtraq_id(60617, 60618, 60619, 60620, 60623, 60627, 60629, 60632, 60633, 60634, 60638, 60639, 60640, 60641, 60644, 60645, 60646, 60647, 60651, 60653, 60655, 60656, 60657, 60658, 60659);\n script_xref(name:\"RHSA\", value:\"2013:1014\");\n\n script_name(english:\"CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1014)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. 
(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and\nTim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-July/019834.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9cb22e4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-July/019835.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2e444c8f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-2459\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:38", "description": 
"Multiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout- of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. 
(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.", "edition": 14, "published": "2013-07-05T00:00:00", "title": "Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130703)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "modified": "2013-07-05T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc", 
"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel", "p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130703_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/67185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67185);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n\n script_name(english:\"Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130703)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. 
An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. 
If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nAll running instances of OpenJDK Java must be restarted for the update\nto take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1307&L=scientific-linux-errata&T=0&P=304\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?00dcb228\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-demo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:48:00", "description": "From Red Hat Security Advisory 2013:1014 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. 
(CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and\nTim Brown for reporting CVE-2013-1500. 
US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 21, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk", "p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc"], "id": "ORACLELINUX_ELSA-2013-1014.NASL", "href": "https://www.tenable.com/plugins/nessus/68842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:1014 and \n# Oracle Linux Security Advisory ELSA-2013-1014 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68842);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", 
\"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n script_bugtraq_id(60617, 60618, 60619, 60620, 60623, 60627, 60629, 60632, 60633, 60634, 60638, 60639, 60640, 60641, 60644, 60645, 60646, 60647, 60651, 60653, 60655, 60656, 60657, 60658, 60659);\n script_xref(name:\"RHSA\", value:\"2013:1014\");\n\n script_name(english:\"Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:1014 :\n\nUpdated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. 
An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. 
If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and\nTim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-July/003560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-July/003561.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected java-1.6.0-openjdk packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.0.1.el5_9\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.0.1.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", 
reference:\"java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-demo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T01:22:50", "description": "Multiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470 ,\nCVE-2013-2471 , CVE-2013-2472 , CVE-2013-2473 , CVE-2013-2463 ,\nCVE-2013-2465 , CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. 
An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448 , CVE-2013-2457 , CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456 ,\nCVE-2013-2447 , CVE-2013-2455 , CVE-2013-2452 , CVE-2013-2443 ,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444 , CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407 , CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. 
This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)", "edition": 26, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo"], "id": "ALA_ALAS-2013-207.NASL", "href": "https://www.tenable.com/plugins/nessus/69765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-207.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69765);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", 
\"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n script_xref(name:\"ALAS\", value:\"2013-207\");\n script_xref(name:\"RHSA\", value:\"2013:1014\");\n\n script_name(english:\"Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470 ,\nCVE-2013-2471 , CVE-2013-2472 , CVE-2013-2473 , CVE-2013-2463 ,\nCVE-2013-2465 , CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448 , CVE-2013-2457 , CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456 ,\nCVE-2013-2447 , CVE-2013-2455 , CVE-2013-2452 , CVE-2013-2443 ,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. 
An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444 , CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407 , CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. 
(CVE-2013-1500)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-207.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update java-1.6.0-openjdk' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:40", "description": "Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. 
An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. (CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and\nTim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.", "edition": 24, "published": "2013-07-05T00:00:00", "title": "RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1014)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "modified": "2013-07-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk", "p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo"], "id": "REDHAT-RHSA-2013-1014.NASL", "href": "https://www.tenable.com/plugins/nessus/67184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1014. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67184);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n script_bugtraq_id(60617, 60618, 60619, 60620, 60623, 60627, 60629, 60632, 60633, 60634, 60638, 60639, 60640, 60641, 60644, 60645, 60646, 60647, 60651, 60653, 60655, 60656, 60657, 60658, 60659);\n script_xref(name:\"RHSA\", value:\"2013:1014\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1014)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.6.0-openjdk packages that fix various security issues\nare now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image\nattribute, channel, layout and raster processing in the 2D component.\nAn untrusted Java application or applet could possibly use these flaws\nto trigger Java Virtual Machine memory corruption. (CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463,\nCVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain\ninput. An attacker could use these flaws to execute arbitrary code\nwith the privileges of the user running an untrusted Java applet or\napplication. (CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound\nand JMX components in OpenJDK. An untrusted Java application or applet\ncould use these flaws to bypass Java sandbox restrictions.\n(CVE-2013-2448, CVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet\nto gain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443,\nCVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage\ncertain resources and that the ObjectStreamClass of the Serialization\ncomponent did not properly handle circular references. An untrusted\nJava application or applet could possibly use these flaws to cause a\ndenial of service. 
(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain\nerrors related to XML security and the class loader. A remote attacker\ncould possibly exploit these flaws to bypass intended security\nmechanisms or disclose potentially sensitive information and cause a\ndenial of service. (CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this\nflaw to gain access to potentially sensitive information.\n(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to\na frame injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form\non the site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments\nwith insecure permissions. A local attacker could use this flaw to\nread or write to the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and\nTim Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these\nupdated packages, which resolve these issues. 
All running instances of\nOpenJDK Java must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2473\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2013-2447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2407\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2444\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.6.0-openjdk-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1014\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
cpu:\"i386\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.41.1.11.11.90.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-debuginfo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"java-1.6.0-openjdk-demo-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-devel-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-javadoc-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.6.0-openjdk-src-1.6.0.0-1.62.1.11.11.90.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.6.0-openjdk / java-1.6.0-openjdk-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:47:59", "description": "Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.", "edition": 15, "published": "2013-07-28T00:00:00", "title": "Debian DSA-2727-1 : openjdk-6 - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", 
"CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "modified": "2013-07-28T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:openjdk-6", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2727.NASL", "href": "https://www.tenable.com/plugins/nessus/69084", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2727. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69084);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2451\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n script_bugtraq_id(60617, 60618, 60619, 60620, 60623, 60625, 60627, 60629, 60632, 60633, 60634, 60638, 60639, 60640, 60641, 60644, 60645, 60646, 60647, 60651, 60653, 60655, 60656, 60657, 60658, 60659);\n script_xref(name:\"DSA\", value:\"2727\");\n\n script_name(english:\"Debian DSA-2727-1 : openjdk-6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related 
update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information\ndisclosure or denial of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/openjdk-6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2727\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the openjdk-6 packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 6b27-1.12.6-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 6b27-1.12.6-1~deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openjdk-6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-dbg\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-demo\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-doc\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jdk\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-jre-zero\", 
reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"openjdk-6-source\", reference:\"6b27-1.12.6-1~deb6u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-6-jre-cacao\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"icedtea-6-jre-jamvm\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-dbg\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-demo\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-doc\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jdk\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-headless\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-lib\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-jre-zero\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"openjdk-6-source\", reference:\"6b27-1.12.6-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:39:25", "description": "java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version.\n\nSecurity fixes :\n\n - S6741606, CVE-2013-2407: Integrate Apache Santuario\n\n - S7158805, CVE-2013-2445: Better rewriting of nested\n subroutine calls\n\n - S7170730, CVE-2013-2451: Improve Windows network stack\n support.\n\n - S8000638, CVE-2013-2450: Improve deserialization\n\n - S8000642, CVE-2013-2446: Better 
handling of objects for\n transportation\n\n - S8001032: Restrict object access\n\n - S8001033, CVE-2013-2452: Refactor network address\n handling in virtual machine identifiers\n\n - S8001034, CVE-2013-1500: Memory management improvements\n\n - S8001038, CVE-2013-2444: Resourcefully handle resources\n\n - S8001043: Clarify definition restrictions\n\n - S8001309: Better handling of annotation interfaces\n\n - S8001318, CVE-2013-2447: Socket.getLocalAddress not\n consistent with InetAddress.getLocalHost\n\n - S8001330, CVE-2013-2443: Improve on checking order\n\n - S8003703, CVE-2013-2412: Update RMI connection dialog\n box\n\n - S8004584: Augment applet contextualization\n\n - S8005007: Better glyph processing\n\n - S8006328, CVE-2013-2448: Improve robustness of sound\n classes\n\n - S8006611: Improve scripting\n\n - S8007467: Improve robustness of JMX internal APIs\n\n - S8007471: Improve MBean notifications\n\n - S8007812, CVE-2013-2455: (reflect)\n Class.getEnclosingMethod problematic for some classes\n\n - S8008120, CVE-2013-2457: Improve JMX class checking\n\n - S8008124, CVE-2013-2453: Better compliance testing\n\n - S8008128: Better API coherence for JMX\n\n - S8008132, CVE-2013-2456: Better serialization support\n\n - S8008585: Better JMX data handling\n\n - S8008593: Better URLClassLoader resource management\n\n - S8008603: Improve provision of JMX providers", "edition": 17, "published": "2013-07-24T00:00:00", "title": "SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 8084)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", 
"CVE-2013-2412", "CVE-2013-2445"], "modified": "2013-07-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel", "p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo"], "id": "SUSE_11_JAVA-1_6_0-OPENJDK-130718.NASL", "href": "https://www.tenable.com/plugins/nessus/69029", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69029);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2451\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\");\n\n script_name(english:\"SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 8084)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"java-1_6_0-openjdk has been updated to Icedtea6-1.12.6 version.\n\nSecurity fixes :\n\n - S6741606, CVE-2013-2407: Integrate Apache Santuario\n\n - S7158805, CVE-2013-2445: Better rewriting of nested\n subroutine calls\n\n - 
S7170730, CVE-2013-2451: Improve Windows network stack\n support.\n\n - S8000638, CVE-2013-2450: Improve deserialization\n\n - S8000642, CVE-2013-2446: Better handling of objects for\n transportation\n\n - S8001032: Restrict object access\n\n - S8001033, CVE-2013-2452: Refactor network address\n handling in virtual machine identifiers\n\n - S8001034, CVE-2013-1500: Memory management improvements\n\n - S8001038, CVE-2013-2444: Resourcefully handle resources\n\n - S8001043: Clarify definition restrictions\n\n - S8001309: Better handling of annotation interfaces\n\n - S8001318, CVE-2013-2447: Socket.getLocalAddress not\n consistent with InetAddress.getLocalHost\n\n - S8001330, CVE-2013-2443: Improve on checking order\n\n - S8003703, CVE-2013-2412: Update RMI connection dialog\n box\n\n - S8004584: Augment applet contextualization\n\n - S8005007: Better glyph processing\n\n - S8006328, CVE-2013-2448: Improve robustness of sound\n classes\n\n - S8006611: Improve scripting\n\n - S8007467: Improve robustness of JMX internal APIs\n\n - S8007471: Improve MBean notifications\n\n - S8007812, CVE-2013-2455: (reflect)\n Class.getEnclosingMethod problematic for some classes\n\n - S8008120, CVE-2013-2457: Improve JMX class checking\n\n - S8008124, CVE-2013-2453: Better compliance testing\n\n - S8008128: Better API coherence for JMX\n\n - S8008132, CVE-2013-2456: Better serialization support\n\n - S8008585: Better JMX data handling\n\n - S8008593: Better URLClassLoader resource management\n\n - S8008603: Improve provision of JMX providers\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=829708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1500.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-1571.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2013-2407.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2412.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2443.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2444.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2445.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2446.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2447.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2448.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2450.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2452.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2453.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2455.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2456.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2457.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2459.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2013-2461.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2463.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2465.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2469.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2471.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-2473.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8084.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-demo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:java-1_6_0-openjdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, \"SuSE 11.2\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"i586\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-1.6.0.0_b27.1.12.6-0.2.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-demo-1.6.0.0_b27.1.12.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:2, cpu:\"x86_64\", reference:\"java-1_6_0-openjdk-devel-1.6.0.0_b27.1.12.6-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:51", "description": "Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447,\nCVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2454,\nCVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459,\nCVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469,\nCVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,\nCVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP3 release. 
All running\ninstances of IBM Java must be restarted for this update to take\neffect.", "edition": 25, "published": "2013-07-17T00:00:00", "title": "RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:1081)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "modified": "2013-07-17T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:5.9", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin"], "id": "REDHAT-RHSA-2013-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/68922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1081. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68922);\n script_version(\"1.37\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2446\", \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2454\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2459\", \"CVE-2013-2463\", \"CVE-2013-2464\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\", \"CVE-2013-2473\", \"CVE-2013-3009\", \"CVE-2013-3011\", \"CVE-2013-3012\", \"CVE-2013-3743\", \"CVE-2013-4002\");\n script_bugtraq_id(60617, 60619, 60620, 60623, 60626, 60627, 60629, 60631, 60632, 60633, 60634, 60638, 60640, 60641, 60646, 60647, 60650, 60651, 60655, 60656, 60657, 60658, 60659);\n script_xref(name:\"RHSA\", value:\"2013:1081\");\n\n script_name(english:\"RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:1081)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated java-1.5.0-ibm packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nIBM J2SE version 5.0 includes the IBM Java Runtime Environment and the\nIBM Java Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts\npage, listed in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447,\nCVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2454,\nCVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459,\nCVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469,\nCVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,\nCVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as\nthe original reporter of CVE-2013-1571.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP3 release. 
All running\ninstances of IBM Java must be restarted for this update to take\neffect.\"\n );\n # https://www.ibm.com/developerworks/java/jdk/alerts/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://developer.ibm.com/javasdk/support/security-vulnerabilities/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2473\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2443\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-2464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-3012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4002\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-accessibility\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-javacomm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/17\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5\\.9|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.9 / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1081\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", 
reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", cpu:\"i386\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"9\", reference:\"java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390\", reference:\"java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el6_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.5.0-ibm / java-1.5.0-ibm-accessibility / java-1.5.0-ibm-demo / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:57:01", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "description": "IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs\n and security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bug has been fixed:\n\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "edition": 1, "modified": "2013-07-27T17:04:24", "published": "2013-07-27T17:04:24", "id": "SUSE-SU-2013:1264-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html", "type": "suse", "title": "Security update for java-1_4_2-ibm (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:13", 
"bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-1500", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447"], "edition": 1, "description": "IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs\n and security issues:\n\n CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469,\n CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473,\n CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459,\n CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446,\n CVE-2013-2450, CVE-2013-1500\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also following bug has been fixed:\n\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n\n", "modified": "2013-08-05T20:04:12", "published": "2013-08-05T20:04:12", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00001.html", "id": "SUSE-SU-2013:1293-2", "type": "suse", "title": "Security update for IBM Java 1.4.2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:12", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", 
"CVE-2013-2412", "CVE-2013-2445"], "description": "java-1_6_0-openjdk has been updated to Icedtea6-1.12.6\n version.\n\n Security fixes:\n\n * S6741606, CVE-2013-2407: Integrate Apache Santuario\n * S7158805, CVE-2013-2445: Better rewriting of nested\n subroutine calls\n * S7170730, CVE-2013-2451: Improve Windows network\n stack support.\n * S8000638, CVE-2013-2450: Improve deserialization\n * S8000642, CVE-2013-2446: Better handling of objects\n for transportation\n * S8001032: Restrict object access\n * S8001033, CVE-2013-2452: Refactor network address\n handling in virtual machine identifiers\n * S8001034, CVE-2013-1500: Memory management\n improvements\n * S8001038, CVE-2013-2444: Resourcefully handle\n resources\n * S8001043: Clarify definition restrictions\n * S8001309: Better handling of annotation interfaces\n * S8001318, CVE-2013-2447: Socket.getLocalAddress not\n consistent with InetAddress.getLocalHost\n * S8001330, CVE-2013-2443: Improve on checking order\n * S8003703, CVE-2013-2412: Update RMI connection dialog\n box\n * S8004584: Augment applet contextualization\n * S8005007: Better glyph processing\n * S8006328, CVE-2013-2448: Improve robustness of sound\n classes\n * S8006611: Improve scripting\n * S8007467: Improve robustness of JMX internal APIs\n * S8007471: Improve MBean notifications\n * S8007812, CVE-2013-2455: (reflect)\n Class.getEnclosingMethod problematic for some classes\n * S8008120, CVE-2013-2457: Improve JMX class checking\n * S8008124, CVE-2013-2453: Better compliance testing\n * S8008128: Better API coherence for JMX\n * S8008132, CVE-2013-2456: Better serialization support\n * S8008585: Better JMX data handling\n * S8008593: Better URLClassLoader resource management\n * S8008603: Improve provision of JMX providers\n", "edition": 1, "modified": "2013-07-23T22:04:14", "published": "2013-07-23T22:04:14", "id": "SUSE-SU-2013:1238-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00024.html", "title": "Security 
update for java-1_6_0-openjdk (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:55", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "description": "IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and\n security issues:\n\n CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002,\n CVE-2013-2469, CVE-2013-2465, CVE-2013-2464,\n CVE-2013-2463, CVE-2013-2473, CVE-2013-2472,\n CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-3743,\n CVE-2013-2448, CVE-2013-2454, CVE-2013-2456,\n CVE-2013-2457, CVE-2013-2455, CVE-2013-2443,\n CVE-2013-2447, CVE-2013-2444, CVE-2013-2452, CVE-2013-2446,\n CVE-2013-2450, CVE-2013-1571, CVE-2013-1500\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n\n Additionally, the following bugs have been fixed: - Add\n Europe/Busingen to tzmappings (bnc#817062) - Mark files in\n jre/bin and bin/ as executable (bnc#823034).\n\n Security Issues:\n\n * CVE-2013-3009\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3009\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3009</a>\n >\n * CVE-2013-3011\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3011\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3011</a>\n >\n * CVE-2013-3012\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3012\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3012</a>\n >\n * CVE-2013-2469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469</a>\n >\n * CVE-2013-4002\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002</a>\n >\n * CVE-2013-2465\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465</a>\n >\n * CVE-2013-2464\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464</a>\n >\n * CVE-2013-2463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463</a>\n >\n * CVE-2013-2473\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473</a>\n >\n * CVE-2013-2472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472</a>\n >\n * CVE-2013-2471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471</a>\n >\n * CVE-2013-2470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470</a>\n >\n * CVE-2013-2459\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459</a>\n >\n * CVE-2013-3743\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743</a>\n >\n * CVE-2013-2448\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448</a>\n >\n * CVE-2013-2454\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454</a>\n >\n * CVE-2013-2457\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457</a>\n >\n * CVE-2013-2456\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456</a>\n >\n * CVE-2013-2455\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455</a>\n >\n * CVE-2013-2443\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443</a>\n >\n * CVE-2013-2444\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444</a>\n >\n * CVE-2013-2447\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447</a>\n >\n * CVE-2013-2452\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452</a>\n >\n * CVE-2013-2446\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446</a>\n >\n * CVE-2013-2450\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450</a>\n >\n * CVE-2013-1571\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571</a>\n >\n * CVE-2013-1500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500</a>\n >\n\n\n", "edition": 1, "modified": "2013-07-30T17:04:11", "published": "2013-07-30T17:04:11", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00032.html", "id": "SUSE-SU-2013:1263-2", "title": "Security update for java-1_5_0-ibm (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:14:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "description": "IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and\n security issues:\n\n CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-4002\n CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463,\n CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470,\n CVE-2013-2459, CVE-2013-3743, CVE-2013-2448, CVE-2013-2454,\n CVE-2013-2456 CVE-2013-2457, CVE-2013-2455, CVE-2013-2443,\n CVE-2013-2447 CVE-2013-2444, CVE-2013-2452, CVE-2013-2446,\n CVE-2013-2450, CVE-2013-1571, CVE-2013-1500\n\n Please see also\n <a rel=\"nofollow\" 
href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n\n\n", "edition": 1, "modified": "2013-08-02T23:04:12", "published": "2013-08-02T23:04:12", "id": "SUSE-SU-2013:1293-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html", "type": "suse", "title": "Security update for IBMJava5 JRE and IBMJava5 SDK (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:37", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455"], "description": "IBM Java 1.5.0 has been updated to SR16-FP3 to fix bugs and\n security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bug has been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "edition": 1, "modified": "2013-07-27T17:04:14", "published": "2013-07-27T17:04:14", "id": 
"SUSE-SU-2013:1263-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html", "type": "suse", "title": "Security update for java-1_5_0-ibm (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "This update to icedtea-2.4.1 fixes various security issues:\n\n * S6741606, CVE-2013-2407: Integrate Apache Santuario\n * S7158805, CVE-2013-2445: Better rewriting of nested\n subroutine calls\n * S7170730, CVE-2013-2451: Improve Windows network\n stack support.\n * S8000638, CVE-2013-2450: Improve deserialization\n * S8000642, CVE-2013-2446: Better handling of objects\n for transportation\n * S8001033, CVE-2013-2452: Refactor network address\n handling in virtual machine identifiers\n * S8001034, CVE-2013-1500: Memory management\n improvements\n * S8001038, CVE-2013-2444: Resourcefully handle\n resources\n * S8001318, CVE-2013-2447: Socket.getLocalAddress not\n consistent with InetAddress.getLocalHost\n * S8001330, CVE-2013-2443: Improve on checking order\n (non-Zero builds only)\n * S8003703, CVE-2013-2412: Update RMI connection dialog\n box\n * S8004288, CVE-2013-2449: (fs) Files.probeContentType\n problems\n * S8006328, CVE-2013-2448: Improve robustness of sound\n classes\n * S8007812, CVE-2013-2455: (reflect)\n Class.getEnclosingMethod problematic for some classes\n * S8008120, CVE-2013-2457: 
Improve JMX class checking\n * S8008124, CVE-2013-2453: Better compliance testing\n * S8008132, CVE-2013-2456: Better serialization support\n * S8008744, CVE-2013-2407: Rework part of fix for\n JDK-6741606\n * S8009057, CVE-2013-2448: Improve MIDI event handling\n * S8009071, CVE-2013-2459: Improve shape handling\n * S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292\n implementation change\n * S8009554, CVE-2013-2454: Improve\n SerialJavaObject.getFields\n * S8010209, CVE-2013-2460: Better provision of factories\n * S8011243, CVE-2013-2470: Improve ImagingLib\n * S8011248, CVE-2013-2471: Better Component Rasters\n * S8011253, CVE-2013-2472: Better Short Component\n Rasters\n * S8011257, CVE-2013-2473: Better Byte Component Rasters\n * S8012375, CVE-2013-1571: Improve Javadoc framing\n * S8012438, CVE-2013-2463: Better image validation\n * S8012597, CVE-2013-2465: Better image channel\n verification\n * S8012601, CVE-2013-2469: Better validation of image\n layouts\n * S8014281, CVE-2013-2461: Better checking of XML\n signature\n", "edition": 1, "modified": "2013-07-25T16:04:14", "published": "2013-07-25T16:04:14", "id": "SUSE-SU-2013:1254-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00025.html", "type": "suse", "title": "Security update for java-1_7_0-openjdk (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:04", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-2468", "CVE-2013-3008", "CVE-2013-3006", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2462", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-3007", "CVE-2013-2471", "CVE-2013-3010", "CVE-2013-2464", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2400", "CVE-2013-2472", "CVE-2013-3744", "CVE-2013-2457", 
"CVE-2013-2453", "CVE-2013-2460", "CVE-2013-2466"], "description": "IBM Java 1.7.0 has been updated to SR5 to fix bugs and\n security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "edition": 1, "modified": "2013-07-25T20:04:17", "published": "2013-07-25T20:04:17", "id": "SUSE-SU-2013:1256-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html", "type": "suse", "title": "Security update for java-1_7_0-ibm (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-2468", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2466"], "description": "IBM Java 1.6.0 was updated to SR14 to fix bugs and security\n issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" 
href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n", "edition": 1, "modified": "2013-07-30T19:04:11", "published": "2013-07-30T19:04:11", "id": "SUSE-SU-2013:1255-3", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00033.html", "type": "suse", "title": "Security update for IBM Java 1.6.0 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:09:50", "bulletinFamily": "unix", "cvelist": ["CVE-2013-3012", "CVE-2013-2468", "CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-4002", "CVE-2013-3011", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-3009", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2437", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2466"], "description": "IBM Java 1.6.0 has been updated to SR14 to fix bugs and\n security issues.\n\n Please see also\n <a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>\n <<a rel=\"nofollow\" href=\"http://www.ibm.com/developerworks/java/jdk/alerts/\">http://www.ibm.com/developerworks/java/jdk/alerts/</a>>\n\n Also the following bugs have been fixed:\n\n * add Europe/Busingen to tzmappings (bnc#817062)\n * mark files in jre/bin and bin/ as executable\n (bnc#823034)\n * check if installed qa_filelist is not empty\n (bnc#831936)\n", "edition": 1, "modified": "2013-08-06T23:04:12", 
"published": "2013-08-06T23:04:12", "id": "SUSE-SU-2013:1305-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html", "title": "Security update for IBM Java 1.6.0 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-06-08T23:43:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455", "CVE-2013-2445"], "description": "This host is installed with Oracle Java SE and is prone to\n multiple vulnerabilities.", "modified": "2020-06-04T00:00:00", "published": "2013-06-24T00:00:00", "id": "OPENVAS:1361412562310803821", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803821", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803821\");\n script_version(\"2020-06-04T13:01:45+0000\");\n script_cve_id(\"CVE-2013-2473\", \"CVE-2013-2472\", \"CVE-2013-2471\", \"CVE-2013-2470\",\n \"CVE-2013-2469\", \"CVE-2013-2465\", \"CVE-2013-2464\", \"CVE-2013-2463\",\n \"CVE-2013-2459\", \"CVE-2013-2457\", \"CVE-2013-2456\", \"CVE-2013-2455\",\n \"CVE-2013-2454\", \"CVE-2013-2452\", \"CVE-2013-2450\", \"CVE-2013-2448\",\n \"CVE-2013-2447\", \"CVE-2013-2446\", \"CVE-2013-2445\", \"CVE-2013-2443\",\n \"CVE-2013-1500\", \"CVE-2013-1571\");\n script_bugtraq_id(60623, 60656, 60659, 60651, 60658, 60657, 60631, 60655,\n 60647, 60632, 60641, 60619, 60650, 60617, 60638, 60640,\n 60629, 60620, 60639, 60646, 60627, 60634);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 13:01:45 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 17:10:36 +0530 (Mon, 24 Jun 2013)\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_portable_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html\");\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to affect confidentiality,\n integrity, and availability via unknown vectors. Attackers can even execute arbitrary code on the target system.\");\n\n script_tag(name:\"affected\", value:\"Oracle Java SE Version 7 Update 21 and earlier, 6 Update 45 and earlier,\n and 5.0 Update 45 and earlier.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to unspecified errors in the 2D, AWT, JMX, JDBC, CORBA,\n serialization, libraries, Sound, Networking, Hotspot and Javadoc components.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Oracle Java SE and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"solution\", value:\"Update to Java SE Version 7 Update 25 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ncpe_list = make_list( \"cpe:/a:sun:jre\", \"cpe:/a:oracle:jre\" );\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! 
infos = get_app_version_and_location_from_list( cpe_list: cpe_list, exit_no_version: TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version: vers, test_version: \"1.7\", test_version2: \"1.7.0.21\" ) ||\n version_in_range( version: vers, test_version: \"1.6\", test_version2: \"1.6.0.45\" ) ||\n version_in_range( version: vers, test_version: \"1.5\", test_version2: \"1.5.0.45\" ) ) {\n report = report_fixed_ver( installed_version: vers, fixed_version: \"Java SE Version 7 Update 25\", install_path: path );\n security_message( port: 0, data: report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-11-13T12:51:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2471", "CVE-2013-2464", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2455", "CVE-2013-2445"], "description": "This host is installed with Oracle Java SE and is prone to\n multiple vulnerabilities.", "modified": "2017-11-08T00:00:00", "published": "2013-06-24T00:00:00", "id": "OPENVAS:803821", "href": "http://plugins.openvas.org/nasl.php?oid=803821", "type": "openvas", "title": "Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_java_se_mult_vuln03_jun13_win.nasl 7699 2017-11-08 12:10:34Z santu $\n#\n# Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Apply patch from below link,\n http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html\n\n *****\n NOTE: Ignore this warning if above mentioned patch is installed.\n *****\";\n\ntag_impact = \"Successful exploitation allows remote attackers to affect confidentiality,\n integrity, and availability via unknown vectors. 
Attackers can even execute\n arbitrary code on the target system.\n Impact Level: System/Application\";\n\ntag_affected = \"Oracle Java SE Version 7 Update 21 and earlier, 6 Update 45 and earlier,\n and 5.0 Update 45 and earlier\";\ntag_insight = \"Multiple flaws are due to unspecified errors in the 2D, AWT, JMX, JDBC, CORBA,\n serialization, libraries, Sound, Networking, Hotspot and Javadoc components.\";\ntag_summary = \"This host is installed with Oracle Java SE and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803821);\n script_version(\"$Revision: 7699 $\");\n script_cve_id(\"CVE-2013-2473\", \"CVE-2013-2472\", \"CVE-2013-2471\", \"CVE-2013-2470\",\n \"CVE-2013-2469\", \"CVE-2013-2465\", \"CVE-2013-2464\", \"CVE-2013-2463\",\n \"CVE-2013-2459\", \"CVE-2013-2457\", \"CVE-2013-2456\", \"CVE-2013-2455\",\n \"CVE-2013-2454\", \"CVE-2013-2452\", \"CVE-2013-2450\", \"CVE-2013-2448\",\n \"CVE-2013-2447\", \"CVE-2013-2446\", \"CVE-2013-2445\", \"CVE-2013-2443\",\n \"CVE-2013-1500\", \"CVE-2013-1571\");\n script_bugtraq_id(60623, 60656, 60659, 60651, 60658, 60657, 60631, 60655,\n 60647, 60632, 60641, 60619, 60650, 60617, 60638, 60640,\n 60629, 60620, 60639, 60646, 60627, 60634);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-08 13:10:34 +0100 (Wed, 08 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-24 17:10:36 +0530 (Mon, 24 Jun 2013)\");\n script_name(\"Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53846\");\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html\");\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_java_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Sun/Java/JRE/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\njreVer = \"\";\n\n## Get JRE Version from KB\njreVer = get_kb_item(\"Sun/Java/JRE/Win/Ver\");\n\nif(jreVer && jreVer =~ \"^(1\\.(7|6|5))\")\n{\n ##Check for Oracle Java SE Versions\n if(version_in_range(version:jreVer, test_version:\"1.7\", test_version2:\"1.7.0.21\")||\n version_in_range(version:jreVer, test_version:\"1.6\", test_version2:\"1.6.0.45\")||\n version_in_range(version:jreVer, test_version:\"1.5\", test_version2:\"1.5.0.45\"))\n {\n security_message(0);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "Oracle Linux Local Security Checks ELSA-2013-1014", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123602", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310123602", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1014", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1014.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123602\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:06:07 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1014\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1014 - java-1.6.0-openjdk security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1014\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1014.html\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2457\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\", \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2473\", \"CVE-2013-2446\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2459\", \"CVE-2013-2472\", \"CVE-2013-2447\", \"CVE-2013-2471\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.41.1.11.11.90.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.41.1.11.11.90.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.41.1.11.11.90.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.41.1.11.11.90.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.41.1.11.11.90.0.1.el5_9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", 
"CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:1361412562310881762", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881762", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1014 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881762\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 13:04:08 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\",\n \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\",\n \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\",\n \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\",\n \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\",\n \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\",\n \"CVE-2013-2473\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1014 centos6\");\n\n script_xref(name:\"CESA\", value:\"2013:1014\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-July/019835.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n 
script_tag(name:\"affected\", value:\"java on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the ImagingLib and the image attribute,\n channel, layout and raster processing in the 2D component. An untrusted\n Java application or applet could possibly use these flaws to trigger Java\n Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\n CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\n Integer overflow flaws were found in the way AWT processed certain input.\n An attacker could use these flaws to execute arbitrary code with the\n privileges of the user running an untrusted Java applet or application.\n (CVE-2013-2459)\n\n Multiple improper permission check issues were discovered in the Sound and\n JMX components in OpenJDK. An untrusted Java application or applet could\n use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\n CVE-2013-2457, CVE-2013-2453)\n\n Multiple flaws in the Serialization, Networking, Libraries and CORBA\n components can be exploited by an untrusted Java application or applet to\n gain access to potentially sensitive information. (CVE-2013-2456,\n CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\n It was discovered that the Hotspot component did not properly handle\n out-of-memory errors. An untrusted Java application or applet could\n possibly use these flaws to terminate the Java Virtual Machine.\n (CVE-2013-2445)\n\n It was discovered that the AWT component did not properly manage certain\n resources and that the ObjectStreamClass of the Serialization component\n did not properly handle circular references. 
An untrusted Java application\n or applet could possibly use these flaws to cause a denial of service.\n (CVE-2013-2444, CVE-2013-2450)\n\n It was discovered that the Libraries component contained certain errors\n related to XML security and the class loader. A remote attacker could\n possibly exploit these flaws to bypass intended security mechanisms or\n disclose potentially sensitive information and cause a denial of service.\n (CVE-2013-2407, CVE-2013-2461)\n\n It was discovered that JConsole did not properly inform the user when\n establishing an SSL connection failed. An attacker could exploit this flaw\n to gain access to potentially sensitive information. (CVE-2013-2412)\n\n It was found that documentation generated by Javadoc was vulnerable to a\n frame injection attack. If such documentation was accessible over a\n network, and a remote attacker could trick a user into visiting a\n specially-crafted URL, it would ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", 
rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-19T15:09:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "Check for the Version of java", "modified": "2018-01-19T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:881761", "href": "http://plugins.openvas.org/nasl.php?oid=881761", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1014 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the ImagingLib and the image attribute,\n channel, layout and raster processing in the 2D component. An untrusted\n Java application or applet could possibly use these flaws to trigger Java\n Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\n CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\n Integer overflow flaws were found in the way AWT processed certain input.\n An attacker could use these flaws to execute arbitrary code with the\n privileges of the user running an untrusted Java applet or application.\n (CVE-2013-2459)\n\n Multiple improper permission check issues were discovered in the Sound and\n JMX components in OpenJDK. An untrusted Java application or applet could\n use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\n CVE-2013-2457, CVE-2013-2453)\n\n Multiple flaws in the Serialization, Networking, Libraries and CORBA\n components can be exploited by an untrusted Java application or applet to\n gain access to potentially sensitive information. (CVE-2013-2456,\n CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\n It was discovered that the Hotspot component did not properly handle\n out-of-memory errors. 
An untrusted Java application or applet could\n possibly use these flaws to terminate the Java Virtual Machine.\n (CVE-2013-2445)\n\n It was discovered that the AWT component did not properly manage certain\n resources and that the ObjectStreamClass of the Serialization component\n did not properly handle circular references. An untrusted Java application\n or applet could possibly use these flaws to cause a denial of service.\n (CVE-2013-2444, CVE-2013-2450)\n\n It was discovered that the Libraries component contained certain errors\n related to XML security and the class loader. A remote attacker could\n possibly exploit these flaws to bypass intended security mechanisms or\n disclose potentially sensitive information and cause a denial of service.\n (CVE-2013-2407, CVE-2013-2461)\n\n It was discovered that JConsole did not properly inform the user when\n establishing an SSL connection failed. An attacker could exploit this flaw\n to gain access to potentially sensitive information. (CVE-2013-2412)\n\n It was found that documentation generated by Javadoc was vulnerable to a\n frame injection attack. 
If such documentation was accessible over a\n network, and a remote attacker could trick a user into visiting a\n specially-crafted URL, it would ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881761);\n script_version(\"$Revision: 8466 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 07:58:30 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 13:01:03 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\",\n \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\",\n \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\",\n \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\",\n \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\",\n \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\",\n \"CVE-2013-2473\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1014 centos5 \");\n\n script_xref(name: \"CESA\", value: \"2013:1014\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019834.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "The remote host is missing 
an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:1361412562310871015", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871015", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871015\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 12:57:37 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\",\n \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\",\n \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\",\n \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\",\n \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\",\n \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\",\n \"CVE-2013-2473\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01\");\n\n script_xref(name:\"RHSA\", value:\"2013:1014-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00004.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java-1.6.0-openjdk'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", 
re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the ImagingLib and the image attribute,\n channel, layout and raster processing in the 2D component. An untrusted\n Java application or applet could possibly use these flaws to trigger Java\n Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\n CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\n Integer overflow flaws were found in the way AWT processed certain input.\n An attacker could use these flaws to execute arbitrary code with the\n privileges of the user running an untrusted Java applet or application.\n (CVE-2013-2459)\n\n Multiple improper permission check issues were discovered in the Sound and\n JMX components in OpenJDK. An untrusted Java application or applet could\n use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\n CVE-2013-2457, CVE-2013-2453)\n\n Multiple flaws in the Serialization, Networking, Libraries and CORBA\n components can be exploited by an untrusted Java application or applet to\n gain access to potentially sensitive information. (CVE-2013-2456,\n CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\n It was discovered that the Hotspot component did not properly handle\n out-of-memory errors. 
An untrusted Java application or applet could\n possibly use these flaws to terminate the Java Virtual Machine.\n (CVE-2013-2445)\n\n It was discovered that the AWT component did not properly manage certain\n resources and that the ObjectStreamClass of the Serialization component\n did not properly handle circular references. An untrusted Java application\n or applet could possibly use these flaws to cause a denial of service.\n (CVE-2013-2444, CVE-2013-2450)\n\n It was discovered that the Libraries component contained certain errors\n related to XML security and the class loader. A remote attacker could\n possibly exploit these flaws to bypass intended security mechanisms or\n disclose potentially sensitive information and cause a denial of service.\n (CVE-2013-2407, CVE-2013-2461)\n\n It was discovered that JConsole did not properly inform the user when\n establishing an SSL connection failed. An attacker could exploit this flaw\n to gain access to potentially sensitive information. (CVE-2013-2412)\n\n It was found that documentation generated by Javadoc was vulnerable t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.62.1.11.11.90.el6_4\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:51:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", 
"CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "Check for the Version of java", "modified": "2017-07-10T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:881762", "href": "http://plugins.openvas.org/nasl.php?oid=881762", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1014 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the ImagingLib and the image attribute,\n channel, layout and raster processing in the 2D component. An untrusted\n Java application or applet could possibly use these flaws to trigger Java\n Virtual Machine memory corruption. 
(CVE-2013-2470, CVE-2013-2471,\n CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\n Integer overflow flaws were found in the way AWT processed certain input.\n An attacker could use these flaws to execute arbitrary code with the\n privileges of the user running an untrusted Java applet or application.\n (CVE-2013-2459)\n\n Multiple improper permission check issues were discovered in the Sound and\n JMX components in OpenJDK. An untrusted Java application or applet could\n use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\n CVE-2013-2457, CVE-2013-2453)\n\n Multiple flaws in the Serialization, Networking, Libraries and CORBA\n components can be exploited by an untrusted Java application or applet to\n gain access to potentially sensitive information. (CVE-2013-2456,\n CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\n It was discovered that the Hotspot component did not properly handle\n out-of-memory errors. An untrusted Java application or applet could\n possibly use these flaws to terminate the Java Virtual Machine.\n (CVE-2013-2445)\n\n It was discovered that the AWT component did not properly manage certain\n resources and that the ObjectStreamClass of the Serialization component\n did not properly handle circular references. An untrusted Java application\n or applet could possibly use these flaws to cause a denial of service.\n (CVE-2013-2444, CVE-2013-2450)\n\n It was discovered that the Libraries component contained certain errors\n related to XML security and the class loader. A remote attacker could\n possibly exploit these flaws to bypass intended security mechanisms or\n disclose potentially sensitive information and cause a denial of service.\n (CVE-2013-2407, CVE-2013-2461)\n\n It was discovered that JConsole did not properly inform the user when\n establishing an SSL connection failed. An attacker could exploit this flaw\n to gain access to potentially sensitive information. 
(CVE-2013-2412)\n\n It was found that documentation generated by Javadoc was vulnerable to a\n frame injection attack. If such documentation was accessible over a\n network, and a remote attacker could trick a user into visiting a\n specially-crafted URL, it would ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(881762);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 13:04:08 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\",\n \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\",\n \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\",\n \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\",\n \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\",\n \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\",\n \"CVE-2013-2473\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1014 centos6 \");\n\n script_xref(name: \"CESA\", value: \"2013:1014\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2013-July/019835.html\");\n script_summary(\"Check for the Version of java\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:51:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", 
"CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "Check for the Version of java-1.6.0-openjdk", "modified": "2017-07-12T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:871015", "href": "http://plugins.openvas.org/nasl.php?oid=871015", "type": "openvas", "title": "RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the ImagingLib and the image attribute,\n channel, layout and raster processing in the 2D component. An untrusted\n Java application or applet could possibly use these flaws to trigger Java\n Virtual Machine memory corruption. 
(CVE-2013-2470, CVE-2013-2471,\n CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\n Integer overflow flaws were found in the way AWT processed certain input.\n An attacker could use these flaws to execute arbitrary code with the\n privileges of the user running an untrusted Java applet or application.\n (CVE-2013-2459)\n\n Multiple improper permission check issues were discovered in the Sound and\n JMX components in OpenJDK. An untrusted Java application or applet could\n use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\n CVE-2013-2457, CVE-2013-2453)\n\n Multiple flaws in the Serialization, Networking, Libraries and CORBA\n components can be exploited by an untrusted Java application or applet to\n gain access to potentially sensitive information. (CVE-2013-2456,\n CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\n It was discovered that the Hotspot component did not properly handle\n out-of-memory errors. An untrusted Java application or applet could\n possibly use these flaws to terminate the Java Virtual Machine.\n (CVE-2013-2445)\n\n It was discovered that the AWT component did not properly manage certain\n resources and that the ObjectStreamClass of the Serialization component\n did not properly handle circular references. An untrusted Java application\n or applet could possibly use these flaws to cause a denial of service.\n (CVE-2013-2444, CVE-2013-2450)\n\n It was discovered that the Libraries component contained certain errors\n related to XML security and the class loader. A remote attacker could\n possibly exploit these flaws to bypass intended security mechanisms or\n disclose potentially sensitive information and cause a denial of service.\n (CVE-2013-2407, CVE-2013-2461)\n\n It was discovered that JConsole did not properly inform the user when\n establishing an SSL connection failed. An attacker could exploit this flaw\n to gain access to potentially sensitive information. 
(CVE-2013-2412)\n\n It was found that documentation generated by Javadoc was vulnerable t ...\n\n Description truncated, for more information please check the Reference URL\";\n\n\ntag_affected = \"java-1.6.0-openjdk on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(871015);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 12:57:37 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\",\n \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\",\n \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\",\n \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\",\n \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\",\n \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\",\n \"CVE-2013-2473\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01\");\n\n script_xref(name: \"RHSA\", value: \"2013:1014-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-July/msg00004.html\");\n script_summary(\"Check for the Version of java-1.6.0-openjdk\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : 
tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.62.1.11.11.90.el6_4\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", 
rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-17T23:01:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120022", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120022", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-207)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of 
the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120022\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:15:14 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-207)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in OpenJDK. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update java-1.6.0-openjdk to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-207.html\");\n script_cve_id(\"CVE-2013-2465\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\", \"CVE-2013-1500\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\", \"CVE-2013-2450\", \"CVE-2013-2452\", \"CVE-2013-2453\", \"CVE-2013-2443\", \"CVE-2013-2472\", \"CVE-2013-2459\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2447\", \"CVE-2013-2473\", \"CVE-2013-2448\", \"CVE-2013-2463\", \"CVE-2013-2445\", \"CVE-2013-2461\", \"CVE-2013-2469\", \"CVE-2013-2446\", \"CVE-2013-2444\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~62.1.11.11.90.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~62.1.11.11.90.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~62.1.11.11.90.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~62.1.11.11.90.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~62.1.11.11.90.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"java-1.6.0-openjdk-debuginfo\", rpm:\"java-1.6.0-openjdk-debuginfo~1.6.0.0~62.1.11.11.90.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", 
"CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-07-05T00:00:00", "id": "OPENVAS:1361412562310881761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881761", "type": "openvas", "title": "CentOS Update for java CESA-2013:1014 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for java CESA-2013:1014 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881761\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-05 13:01:03 +0530 (Fri, 05 Jul 2013)\");\n script_cve_id(\"CVE-2013-1500\", \"CVE-2013-1571\", \"CVE-2013-2407\", \"CVE-2013-2412\",\n \"CVE-2013-2443\", \"CVE-2013-2444\", \"CVE-2013-2445\", \"CVE-2013-2446\",\n \"CVE-2013-2447\", \"CVE-2013-2448\", \"CVE-2013-2450\", \"CVE-2013-2452\",\n \"CVE-2013-2453\", \"CVE-2013-2455\", \"CVE-2013-2456\", \"CVE-2013-2457\",\n \"CVE-2013-2459\", \"CVE-2013-2461\", \"CVE-2013-2463\", \"CVE-2013-2465\",\n \"CVE-2013-2469\", \"CVE-2013-2470\", \"CVE-2013-2471\", \"CVE-2013-2472\",\n \"CVE-2013-2473\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for java CESA-2013:1014 centos5\");\n\n script_xref(name:\"CESA\", value:\"2013:1014\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-July/019834.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'java'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n 
script_tag(name:\"affected\", value:\"java on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"These packages provide the OpenJDK 6 Java Runtime Environment and the\n OpenJDK 6 Software Development Kit.\n\n Multiple flaws were discovered in the ImagingLib and the image attribute,\n channel, layout and raster processing in the 2D component. An untrusted\n Java application or applet could possibly use these flaws to trigger Java\n Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\n CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\n Integer overflow flaws were found in the way AWT processed certain input.\n An attacker could use these flaws to execute arbitrary code with the\n privileges of the user running an untrusted Java applet or application.\n (CVE-2013-2459)\n\n Multiple improper permission check issues were discovered in the Sound and\n JMX components in OpenJDK. An untrusted Java application or applet could\n use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\n CVE-2013-2457, CVE-2013-2453)\n\n Multiple flaws in the Serialization, Networking, Libraries and CORBA\n components can be exploited by an untrusted Java application or applet to\n gain access to potentially sensitive information. (CVE-2013-2456,\n CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\n It was discovered that the Hotspot component did not properly handle\n out-of-memory errors. An untrusted Java application or applet could\n possibly use these flaws to terminate the Java Virtual Machine.\n (CVE-2013-2445)\n\n It was discovered that the AWT component did not properly manage certain\n resources and that the ObjectStreamClass of the Serialization component\n did not properly handle circular references. 
An untrusted Java application\n or applet could possibly use these flaws to cause a denial of service.\n (CVE-2013-2444, CVE-2013-2450)\n\n It was discovered that the Libraries component contained certain errors\n related to XML security and the class loader. A remote attacker could\n possibly exploit these flaws to bypass intended security mechanisms or\n disclose potentially sensitive information and cause a denial of service.\n (CVE-2013-2407, CVE-2013-2461)\n\n It was discovered that JConsole did not properly inform the user when\n establishing an SSL connection failed. An attacker could exploit this flaw\n to gain access to potentially sensitive information. (CVE-2013-2412)\n\n It was found that documentation generated by Javadoc was vulnerable to a\n frame injection attack. If such documentation was accessible over a\n network, and a remote attacker could trick a user into visiting a\n specially-crafted URL, it would ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk\", rpm:\"java-1.6.0-openjdk~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-demo\", rpm:\"java-1.6.0-openjdk-demo~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-devel\", rpm:\"java-1.6.0-openjdk-devel~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-javadoc\", 
rpm:\"java-1.6.0-openjdk-javadoc~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"java-1.6.0-openjdk-src\", rpm:\"java-1.6.0-openjdk-src~1.6.0.0~1.41.1.11.11.90.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:00", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "[1:1.6.0.0-1.62.1.11.11.90]\n- updated to icedtea6-1.11.11.90.tar.gz\n- removed upstreamed patch9 jaxp-backport-factoryfinder.patch\n- removed upstreamed patch10 fixToFontSecurityFix.patch.\n- modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch\n- Resolves: rhbz#973129", "edition": 4, "modified": "2013-07-03T00:00:00", "published": "2013-07-03T00:00:00", "id": "ELSA-2013-1014", "href": "http://linux.oracle.com/errata/ELSA-2013-1014.html", "title": "java-1.6.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", 
"CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "[1.7.0.25-2.3.10.4.0.1.el5_9]\n- Add oracle-enterprise.patch\n- Fix DISTRO_NAME to 'Enterprise Linux'\n[1.7.0.25-2.3.10.4.el5]\n- updated to newer IcedTea7-forest 2.3.10 with 8010118 fix\n- removed upstreamed patch1000 MBeanFix.patch\n- Resolves: rhbz#973117\n[1.7.0.25-2.3.10.3.el5]\n- reverted fix for license files owning\n- Resolves: rhbz#973117\n[1.7.0.25-2.3.10.2.el5]\n- added patch1000 MBeanFix.patch to fix regressions caused by security patches\n- Resolves: rhbz#973117\n[1.7.0.25-2.3.10.1.el6]\n- build bumped to 25\n- Resolves: rhbz#973117\n[1.7.0.19-2.3.10.0.el5]\n- Updated to latest IcedTea7-forest 2.3.10\n- patch 107 renamed to 500 for cosmetic purposes\n- Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs\n- Resolves: rhbz#973117\n[1.7.0.19-2.3.10.0.el5]\n- Updated to latest IcedTea7-forest 2.3.10\n- Resolves: rhbz#973117", "edition": 4, "modified": "2013-06-19T00:00:00", "published": "2013-06-19T00:00:00", "id": "ELSA-2013-0958", "href": "http://linux.oracle.com/errata/ELSA-2013-0958.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "[1.7.0.25-2.3.10.3.0.1.el6_4]\n- Update DISTRO_NAME in 
specfile\n[1.7.0.25-2.3.10.3.el6]\n- removed upstreamed patch1000 MBeanFix.patch\n- updated to newer IcedTea7-forest 2.3.10 with 8010118 fix\n- Resolves: rhbz#973119\n[1.7.0.25-2.3.10.2.el6]\n- added patch1000 MBeanFix.patch to fix regressions caused by security patches\n- Resolves: rhbz#973119\n[1.7.0.25-2.3.10.1.el6]\n- build bumped to 25\n- Resolves: rhbz#973119\n[1.7.0.19-2.3.10.0.el6]\n- Updated to latest IcedTea7-forest 2.3.10\n- patch 107 renamed to 500 for cosmetic purposes\n- improved handling of patch111 - nss-config-2.patch\n- removed patch 117, java-1.7.0-openjdk-nss-multiplePKCS11libraryInitialisationNnonCritical.patch\n duplicated with patch 108 (java-1.7.0-openjdk-nss-icedtea-e9c857dcb964)\n- Added client/server directories so they can be owned\n- Added fix for RH857717, owned /etc/.java/ and /etc/.java/.systemPrefs\n- Resolves: rhbz#973119", "edition": 4, "modified": "2013-06-19T00:00:00", "published": "2013-06-19T00:00:00", "id": "ELSA-2013-0957", "href": "http://linux.oracle.com/errata/ELSA-2013-0957.html", "title": "java-1.7.0-openjdk security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1014\n\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D 
component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and\nJMX components in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\nCVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. 
A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim\nBrown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/031872.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-July/031873.html\n\n**Affected packages:**\njava-1.6.0-openjdk\njava-1.6.0-openjdk-demo\njava-1.6.0-openjdk-devel\njava-1.6.0-openjdk-javadoc\njava-1.6.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1014.html", "edition": 3, "modified": "2013-07-04T10:17:25", "published": "2013-07-04T10:07:44", "href": "http://lists.centos.org/pipermail/centos-announce/2013-July/031872.html", "id": "CESA-2013:1014", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:08", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0958\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. 
(CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. 
An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031835.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0958.html", "edition": 3, "modified": "2013-06-20T06:46:44", "published": "2013-06-20T06:46:44", "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/031835.html", "id": "CESA-2013:0958", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:26:28", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0957\n\n\nThese packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. 
(CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. 
An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAfter installing this update, users of icedtea-web must install\nRHBA-2013:0959 for icedtea-web to continue functioning.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. 
Refer to\nthe NEWS file, linked to in the References, for further information.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-June/031834.html\n\n**Affected packages:**\njava-1.7.0-openjdk\njava-1.7.0-openjdk-demo\njava-1.7.0-openjdk-devel\njava-1.7.0-openjdk-javadoc\njava-1.7.0-openjdk-src\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0957.html", "edition": 3, "modified": "2013-06-20T06:43:01", "published": "2013-06-20T06:43:01", "href": "http://lists.centos.org/pipermail/centos-announce/2013-June/031834.html", "id": "CESA-2013:0957", "title": "java security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:03", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473"], "description": "These packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. 
(CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound and\nJMX components in OpenJDK. An untrusted Java application or applet could\nuse these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,\nCVE-2013-2457, CVE-2013-2453)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. 
(CVE-2013-2412)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim\nBrown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:18", "published": "2013-07-03T04:00:00", "id": "RHSA-2013:1014", "href": "https://access.redhat.com/errata/RHSA-2013:1014", "type": "redhat", "title": "(RHSA-2013:1014) Important: java-1.6.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:04", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3009", "CVE-2013-3011", "CVE-2013-3012", "CVE-2013-3743", "CVE-2013-4002"], "description": "IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. (CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,\nCVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,\nCVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,\nCVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,\nCVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.5.0-ibm are advised to upgrade to these updated\npackages, containing the IBM J2SE 5.0 SR16-FP3 release. 
All running\ninstances of IBM Java must be restarted for this update to take effect.\n", "modified": "2018-06-07T09:04:37", "published": "2013-07-16T04:00:00", "id": "RHSA-2013:1081", "href": "https://access.redhat.com/errata/RHSA-2013:1081", "type": "redhat", "title": "(RHSA-2013:1081) Important: java-1.5.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:42", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473"], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. 
(CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. 
If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to\nthe NEWS file, linked to in the References, for further information.\n\nAll users of java-1.7.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. 
All running instances of OpenJDK Java\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T12:19:38", "published": "2013-06-19T04:00:00", "id": "RHSA-2013:0958", "href": "https://access.redhat.com/errata/RHSA-2013:0958", "type": "redhat", "title": "(RHSA-2013:0958) Important: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2445", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2449", "CVE-2013-2450", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2460", "CVE-2013-2461", "CVE-2013-2463", "CVE-2013-2465", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473"], "description": "These packages provide the OpenJDK 7 Java Runtime Environment and the\nOpenJDK 7 Software Development Kit.\n\nMultiple flaws were discovered in the ImagingLib and the image attribute,\nchannel, layout and raster processing in the 2D component. An untrusted\nJava application or applet could possibly use these flaws to trigger Java\nVirtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,\nCVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)\n\nInteger overflow flaws were found in the way AWT processed certain input.\nAn attacker could use these flaws to execute arbitrary code with the\nprivileges of the user running an untrusted Java applet or application.\n(CVE-2013-2459)\n\nMultiple improper permission check issues were discovered in the Sound,\nJDBC, Libraries, JMX, and Serviceability components in OpenJDK. An\nuntrusted Java application or applet could use these flaws to bypass Java\nsandbox restrictions. 
(CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,\nCVE-2013-2457, CVE-2013-2453, CVE-2013-2460)\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA\ncomponents can be exploited by an untrusted Java application or applet to\ngain access to potentially sensitive information. (CVE-2013-2456,\nCVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)\n\nIt was discovered that the Hotspot component did not properly handle\nout-of-memory errors. An untrusted Java application or applet could\npossibly use these flaws to terminate the Java Virtual Machine.\n(CVE-2013-2445)\n\nIt was discovered that the AWT component did not properly manage certain\nresources and that the ObjectStreamClass of the Serialization component\ndid not properly handle circular references. An untrusted Java application\nor applet could possibly use these flaws to cause a denial of service.\n(CVE-2013-2444, CVE-2013-2450)\n\nIt was discovered that the Libraries component contained certain errors\nrelated to XML security and the class loader. A remote attacker could\npossibly exploit these flaws to bypass intended security mechanisms or\ndisclose potentially sensitive information and cause a denial of service.\n(CVE-2013-2407, CVE-2013-2461)\n\nIt was discovered that JConsole did not properly inform the user when\nestablishing an SSL connection failed. An attacker could exploit this flaw\nto gain access to potentially sensitive information. (CVE-2013-2412)\n\nIt was discovered that GnomeFileTypeDetector did not check for read\npermissions when accessing files. An untrusted Java application or applet\ncould possibly use this flaw to disclose potentially sensitive information.\n(CVE-2013-2449)\n\nIt was found that documentation generated by Javadoc was vulnerable to a\nframe injection attack. 
If such documentation was accessible over a\nnetwork, and a remote attacker could trick a user into visiting a\nspecially-crafted URL, it would lead to arbitrary web content being\ndisplayed next to the documentation. This could be used to perform a\nphishing attack by providing frame content that spoofed a login form on\nthe site hosting the vulnerable documentation. (CVE-2013-1571)\n\nIt was discovered that the 2D component created shared memory segments with\ninsecure permissions. A local attacker could use this flaw to read or write\nto the shared memory segment. (CVE-2013-1500)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website.\n\nAfter installing this update, users of icedtea-web must install\nRHBA-2013:0959 for icedtea-web to continue functioning.\n\nThis erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. 
Refer to\nthe NEWS file, linked to in the References, for further information.\n", "modified": "2018-06-06T20:24:18", "published": "2013-06-19T04:00:00", "id": "RHSA-2013:0957", "href": "https://access.redhat.com/errata/RHSA-2013:0957", "type": "redhat", "title": "(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:33:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1500", "CVE-2013-1571", "CVE-2013-2407", "CVE-2013-2412", "CVE-2013-2437", "CVE-2013-2442", "CVE-2013-2443", "CVE-2013-2444", "CVE-2013-2446", "CVE-2013-2447", "CVE-2013-2448", "CVE-2013-2450", "CVE-2013-2451", "CVE-2013-2452", "CVE-2013-2453", "CVE-2013-2454", "CVE-2013-2455", "CVE-2013-2456", "CVE-2013-2457", "CVE-2013-2459", "CVE-2013-2463", "CVE-2013-2464", "CVE-2013-2465", "CVE-2013-2466", "CVE-2013-2468", "CVE-2013-2469", "CVE-2013-2470", "CVE-2013-2471", "CVE-2013-2472", "CVE-2013-2473", "CVE-2013-3009", "CVE-2013-3011", "CVE-2013-3012", "CVE-2013-3743", "CVE-2013-4002"], "description": "IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM\nJava Software Development Kit.\n\nThis update fixes several vulnerabilities in the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit. Detailed\nvulnerability descriptions are linked from the IBM Security alerts page,\nlisted in the References section. 
(CVE-2013-1500, CVE-2013-1571,\nCVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443,\nCVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450,\nCVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455,\nCVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464,\nCVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,\nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nRed Hat would like to thank Tim Brown for reporting CVE-2013-1500, and\nUS-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the\noriginal reporter of CVE-2013-1571.\n\nAll users of java-1.6.0-ibm are advised to upgrade to these updated\npackages, containing the IBM Java SE 6 SR14 release. All running\ninstances of IBM Java must be restarted for the update to take effect.\n", "modified": "2018-06-07T09:04:24", "published": "2013-07-15T04:00:00", "id": "RHSA-2013:1059", "href": "https://access.redhat.com/errata/RHSA-2013:1059", "type": "redhat", "title": "(RHSA-2013:1059) Critical: java-1.6.0-ibm security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:34:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. 
([CVE-2013-2470 __](<https://access.redhat.com/security/cve/CVE-2013-2470>), [CVE-2013-2471 __](<https://access.redhat.com/security/cve/CVE-2013-2471>), [CVE-2013-2472 __](<https://access.redhat.com/security/cve/CVE-2013-2472>), [CVE-2013-2473 __](<https://access.redhat.com/security/cve/CVE-2013-2473>), [CVE-2013-2463 __](<https://access.redhat.com/security/cve/CVE-2013-2463>), [CVE-2013-2465 __](<https://access.redhat.com/security/cve/CVE-2013-2465>), [CVE-2013-2469 __](<https://access.redhat.com/security/cve/CVE-2013-2469>))\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. ([CVE-2013-2459 __](<https://access.redhat.com/security/cve/CVE-2013-2459>))\n\nMultiple improper permission check issues were discovered in the Sound and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2448 __](<https://access.redhat.com/security/cve/CVE-2013-2448>), [CVE-2013-2457 __](<https://access.redhat.com/security/cve/CVE-2013-2457>), [CVE-2013-2453 __](<https://access.redhat.com/security/cve/CVE-2013-2453>))\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. 
([CVE-2013-2456 __](<https://access.redhat.com/security/cve/CVE-2013-2456>), [CVE-2013-2447 __](<https://access.redhat.com/security/cve/CVE-2013-2447>), [CVE-2013-2455 __](<https://access.redhat.com/security/cve/CVE-2013-2455>), [CVE-2013-2452 __](<https://access.redhat.com/security/cve/CVE-2013-2452>), [CVE-2013-2443 __](<https://access.redhat.com/security/cve/CVE-2013-2443>), [CVE-2013-2446 __](<https://access.redhat.com/security/cve/CVE-2013-2446>))\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. ([CVE-2013-2445 __](<https://access.redhat.com/security/cve/CVE-2013-2445>))\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. ([CVE-2013-2444 __](<https://access.redhat.com/security/cve/CVE-2013-2444>), [CVE-2013-2450 __](<https://access.redhat.com/security/cve/CVE-2013-2450>))\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. ([CVE-2013-2407 __](<https://access.redhat.com/security/cve/CVE-2013-2407>), [CVE-2013-2461 __](<https://access.redhat.com/security/cve/CVE-2013-2461>))\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. 
([CVE-2013-2412 __](<https://access.redhat.com/security/cve/CVE-2013-2412>))\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. ([CVE-2013-1571 __](<https://access.redhat.com/security/cve/CVE-2013-1571>))\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. ([CVE-2013-1500 __](<https://access.redhat.com/security/cve/CVE-2013-1500>))\n\n \n**Affected Packages:** \n\n\njava-1.6.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.6.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1.i686 \n \n src: \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.src \n \n x86_64: \n java-1.6.0-openjdk-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-src-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-demo-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-debuginfo-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-javadoc-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n java-1.6.0-openjdk-devel-1.6.0.0-62.1.11.11.90.55.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-07-12T15:31:00", "published": 
"2013-07-12T15:31:00", "id": "ALAS-2013-207", "href": "https://alas.aws.amazon.com/ALAS-2013-207.html", "title": "Important: java-1.6.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:36:03", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "**Issue Overview:**\n\nMultiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. ([CVE-2013-2470 __](<https://access.redhat.com/security/cve/CVE-2013-2470>), [CVE-2013-2471 __](<https://access.redhat.com/security/cve/CVE-2013-2471>), [CVE-2013-2472 __](<https://access.redhat.com/security/cve/CVE-2013-2472>), [CVE-2013-2473 __](<https://access.redhat.com/security/cve/CVE-2013-2473>), [CVE-2013-2463 __](<https://access.redhat.com/security/cve/CVE-2013-2463>), [CVE-2013-2465 __](<https://access.redhat.com/security/cve/CVE-2013-2465>), [CVE-2013-2469 __](<https://access.redhat.com/security/cve/CVE-2013-2469>))\n\nInteger overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. 
([CVE-2013-2459 __](<https://access.redhat.com/security/cve/CVE-2013-2459>))\n\nMultiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. ([CVE-2013-2448 __](<https://access.redhat.com/security/cve/CVE-2013-2448>), [CVE-2013-2454 __](<https://access.redhat.com/security/cve/CVE-2013-2454>), [CVE-2013-2458 __](<https://access.redhat.com/security/cve/CVE-2013-2458>), [CVE-2013-2457 __](<https://access.redhat.com/security/cve/CVE-2013-2457>), [CVE-2013-2453 __](<https://access.redhat.com/security/cve/CVE-2013-2453>), [CVE-2013-2460 __](<https://access.redhat.com/security/cve/CVE-2013-2460>))\n\nMultiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. ([CVE-2013-2456 __](<https://access.redhat.com/security/cve/CVE-2013-2456>), [CVE-2013-2447 __](<https://access.redhat.com/security/cve/CVE-2013-2447>), [CVE-2013-2455 __](<https://access.redhat.com/security/cve/CVE-2013-2455>), [CVE-2013-2452 __](<https://access.redhat.com/security/cve/CVE-2013-2452>), [CVE-2013-2443 __](<https://access.redhat.com/security/cve/CVE-2013-2443>), [CVE-2013-2446 __](<https://access.redhat.com/security/cve/CVE-2013-2446>))\n\nIt was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. ([CVE-2013-2445 __](<https://access.redhat.com/security/cve/CVE-2013-2445>))\n\nIt was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. 
([CVE-2013-2444 __](<https://access.redhat.com/security/cve/CVE-2013-2444>), [CVE-2013-2450 __](<https://access.redhat.com/security/cve/CVE-2013-2450>))\n\nIt was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. ([CVE-2013-2407 __](<https://access.redhat.com/security/cve/CVE-2013-2407>), [CVE-2013-2461 __](<https://access.redhat.com/security/cve/CVE-2013-2461>))\n\nIt was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. ([CVE-2013-2412 __](<https://access.redhat.com/security/cve/CVE-2013-2412>))\n\nIt was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. ([CVE-2013-2449 __](<https://access.redhat.com/security/cve/CVE-2013-2449>))\n\nIt was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. ([CVE-2013-1571 __](<https://access.redhat.com/security/cve/CVE-2013-1571>))\n\nIt was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. 
([CVE-2013-1500 __](<https://access.redhat.com/security/cve/CVE-2013-1500>))\n\n \n**Affected Packages:** \n\n\njava-1.7.0-openjdk\n\n \n**Issue Correction:** \nRun _yum update java-1.7.0-openjdk_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.29.amzn1.i686 \n java-1.7.0-openjdk-1.7.0.25-2.3.10.3.29.amzn1.i686 \n \n noarch: \n java-1.7.0-openjdk-javadoc-1.7.0.25-2.3.10.3.29.amzn1.noarch \n \n src: \n java-1.7.0-openjdk-1.7.0.25-2.3.10.3.29.amzn1.src \n \n x86_64: \n java-1.7.0-openjdk-demo-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-debuginfo-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-src-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-devel-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n java-1.7.0-openjdk-1.7.0.25-2.3.10.3.29.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-06-20T14:14:00", "published": "2013-06-20T14:14:00", "id": "ALAS-2013-204", "href": "https://alas.aws.amazon.com/ALAS-2013-204.html", "title": "Important: java-1.7.0-openjdk", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:12:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2727-1 
security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-6\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 \n CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 \n CVE-2013-2447 CVE-2013-2448 CVE-2013-2450 CVE-2013-2451 \n CVE-2013-2452 CVE-2013-2453 CVE-2013-2455 CVE-2013-2456 \n CVE-2013-2457 CVE-2013-2459 CVE-2013-2461 CVE-2013-2463 \n CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 \n CVE-2013-2472 CVE-2013-2473\n\nSeveral vulnerabilities have been discovered in OpenJDK, an \nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 6b27-1.12.6-1~deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 6b27-1.12.6-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 6b27-1.12.6-1.\n\nWe recommend that you upgrade your openjdk-6 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2013-07-25T21:12:25", "published": "2013-07-25T21:12:25", "id": "DEBIAN:DSA-2727-1:34891", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00137.html", "title": "[SECURITY] [DSA 2727-1] openjdk-6 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", 
"CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2722-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 15, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openjdk-7\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-1500 CVE-2013-1571 CVE-2013-2407 CVE-2013-2412 \n CVE-2013-2443 CVE-2013-2444 CVE-2013-2445 CVE-2013-2446 \n CVE-2013-2447 CVE-2013-2448 CVE-2013-2449 CVE-2013-2450 \n CVE-2013-2451 CVE-2013-2452 CVE-2013-2453 CVE-2013-2454 \n CVE-2013-2455 CVE-2013-2456 CVE-2013-2457 CVE-2013-2458 \n CVE-2013-2459 CVE-2013-2460 CVE-2013-2461 CVE-2013-2463 \n CVE-2013-2465 CVE-2013-2469 CVE-2013-2470 CVE-2013-2471 \n CVE-2013-2472 CVE-2013-2473\n\nSeveral vulnerabilities have been discovered in OpenJDK, an \nimplementation of the Oracle Java platform, resulting in the execution \nof arbitrary code, breakouts of the Java sandbox, information disclosure \nor denial of service.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7u25-2.3.10-1~deb7u1. 
In addition icedtea-web needed to be\nupdated to 1.4-3~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7u25-2.3.10-1.\n\nWe recommend that you upgrade your openjdk-7 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n\n\n", "edition": 3, "modified": "2013-07-15T15:53:07", "published": "2013-07-15T15:53:07", "id": "DEBIAN:DSA-2722-1:0F82B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00132.html", "title": "[SECURITY] [DSA 2722-1] openjdk-7 security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:25", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-3743", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2449"], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, \nCVE-2013-2458)\n\nA vulnerability was discovered in the OpenJDK Javadoc related to data \nintegrity. (CVE-2013-1571)\n\nA vulnerability was discovered in the OpenJDK JRE related to information \ndisclosure and availability. 
An attacker could exploit this to cause a \ndenial of service or expose sensitive data over the network. \n(CVE-2013-2407)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure. An attacker could exploit these to expose sensitive \ndata over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, \nCVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \navailability. An attacker could exploit these to cause a denial of service. \n(CVE-2013-2444, CVE-2013-2445, CVE-2013-2450)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker could \nexploit these to cause a denial of service or expose sensitive data over \nthe network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2461, \nCVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, \nCVE-2013-2472, CVE-2013-2473, CVE-2013-3743)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data \nintegrity. 
(CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)", "edition": 5, "modified": "2013-07-23T00:00:00", "published": "2013-07-23T00:00:00", "id": "USN-1908-1", "href": "https://ubuntu.com/security/notices/USN-1908-1", "title": "OpenJDK 6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:31:11", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "Several vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, \nCVE-2013-2458)\n\nA vulnerability was discovered in the OpenJDK Javadoc related to data \nintegrity. (CVE-2013-1571)\n\nA vulnerability was discovered in the OpenJDK JRE related to information \ndisclosure and availability. An attacker could exploit this to cause a \ndenial of service or expose sensitive data over the network. \n(CVE-2013-2407)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure. An attacker could exploit these to expose sensitive \ndata over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, \nCVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \navailability. An attacker could exploit these to cause a denial of service. 
\n(CVE-2013-2444, CVE-2013-2445, CVE-2013-2450)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker could \nexploit these to cause a denial of service or expose sensitive data over \nthe network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460, \nCVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, \nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data \nintegrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)", "edition": 5, "modified": "2013-07-16T00:00:00", "published": "2013-07-16T00:00:00", "id": "USN-1907-1", "href": "https://ubuntu.com/security/notices/USN-1907-1", "title": "OpenJDK 7 vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1571", "CVE-2013-1500", "CVE-2013-2448", "CVE-2013-2407", "CVE-2013-2456", "CVE-2013-2454", "CVE-2013-2470", "CVE-2013-2452", "CVE-2013-2451", "CVE-2013-2473", "CVE-2013-2463", "CVE-2013-2469", "CVE-2013-2465", "CVE-2013-2461", "CVE-2013-2471", "CVE-2013-2458", "CVE-2013-2459", "CVE-2013-2443", "CVE-2013-2446", "CVE-2013-2450", "CVE-2013-2472", "CVE-2013-2444", "CVE-2013-2447", "CVE-2013-2457", "CVE-2013-2453", "CVE-2013-2455", "CVE-2013-2412", "CVE-2013-2445", "CVE-2013-2460", "CVE-2013-2449"], "description": "USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, \nIcedTea Web needed an update to work with the new OpenJDK 7.\n\nOriginal advisory details:\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure and data integrity. An attacker could exploit these \nto expose sensitive data over the network. (CVE-2013-1500, CVE-2013-2454, \nCVE-2013-2458)\n\nA vulnerability was discovered in the OpenJDK Javadoc related to data \nintegrity. 
(CVE-2013-1571)\n\nA vulnerability was discovered in the OpenJDK JRE related to information \ndisclosure and availability. An attacker could exploit this to cause a \ndenial of service or expose sensitive data over the network. \n(CVE-2013-2407)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure. An attacker could exploit these to expose sensitive \ndata over the network. (CVE-2013-2412, CVE-2013-2443, CVE-2013-2446, \nCVE-2013-2447, CVE-2013-2449, CVE-2013-2452, CVE-2013-2456)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \navailability. An attacker could exploit these to cause a denial of service. \n(CVE-2013-2444, CVE-2013-2445, CVE-2013-2450)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to \ninformation disclosure, data integrity and availability. An attacker could \nexploit these to cause a denial of service or expose sensitive data over \nthe network. (CVE-2013-2448, CVE-2013-2451, CVE-2013-2459, CVE-2013-2460, \nCVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, \nCVE-2013-2471, CVE-2013-2472, CVE-2013-2473)\n\nSeveral vulnerabilities were discovered in the OpenJDK JRE related to data \nintegrity. (CVE-2013-2453, CVE-2013-2455, CVE-2013-2457)", "edition": 5, "modified": "2013-07-16T00:00:00", "published": "2013-07-16T00:00:00", "id": "USN-1907-2", "href": "https://ubuntu.com/security/notices/USN-1907-2", "title": "IcedTea Web update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}