Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2013:095 | First vendor Publication | 2013-04-10 |
| Vendor | Mandriva | Last vendor Modification | 2013-04-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Updated java-1.7.0-openjdk packages fix security vulnerabilities: Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2012-3174, CVE-2013-0422). Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0444). Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges (CVE-2013-1478, CVE-2013-1480). A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions (CVE-2013-0432). The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted (CVE-2013-0435). Multiple improper permission check issues were discovered in the JMX, Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434). It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack (CVE-2013-0424). It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake (CVE-2013-0440). It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack (CVE-2013-0443). Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-1486, CVE-2013-1484). An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2013-1485). It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-0169). An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-0809). It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges (CVE-2013-1493). |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 25 % | CWE-310 | Cryptographic Issues |
| 25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15733 | |||
| Oval ID: | oval:org.mitre.oval:def:15733 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1478 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15832 | |||
| Oval ID: | oval:org.mitre.oval:def:15832 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0443 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15888 | |||
| Oval ID: | oval:org.mitre.oval:def:15888 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0426 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16013 | |||
| Oval ID: | oval:org.mitre.oval:def:16013 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0427 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16035 | |||
| Oval ID: | oval:org.mitre.oval:def:16035 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0442 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16045 | |||
| Oval ID: | oval:org.mitre.oval:def:16045 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1480 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16058 | |||
| Oval ID: | oval:org.mitre.oval:def:16058 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0425 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16489 | |||
| Oval ID: | oval:org.mitre.oval:def:16489 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAX-WS) 7 through Update 11 and 6 through Update 38, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0435 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16496 | |||
| Oval ID: | oval:org.mitre.oval:def:16496 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0428 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16519 | |||
| Oval ID: | oval:org.mitre.oval:def:16519 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0424 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16528 | |||
| Oval ID: | oval:org.mitre.oval:def:16528 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0434 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16537 | |||
| Oval ID: | oval:org.mitre.oval:def:16537 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0433 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16550 | |||
| Oval ID: | oval:org.mitre.oval:def:16550 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0450 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16558 | |||
| Oval ID: | oval:org.mitre.oval:def:16558 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0440 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16566 | |||
| Oval ID: | oval:org.mitre.oval:def:16566 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0441 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16567 | |||
| Oval ID: | oval:org.mitre.oval:def:16567 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0432 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16579 | |||
| Oval ID: | oval:org.mitre.oval:def:16579 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0431 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16613 | |||
| Oval ID: | oval:org.mitre.oval:def:16613 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1475 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16614 | |||
| Oval ID: | oval:org.mitre.oval:def:16614 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Beans) 7 through Update 11, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0444 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16649 | |||
| Oval ID: | oval:org.mitre.oval:def:16649 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0429 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16652 | |||
| Oval ID: | oval:org.mitre.oval:def:16652 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1476 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16680 | |||
| Oval ID: | oval:org.mitre.oval:def:16680 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0445 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18151 | |||
| Oval ID: | oval:org.mitre.oval:def:18151 | ||
| Title: | USN-1693-1 -- openjdk-7 vulnerabilities | ||
| Description: | OpenJDK 7 could be made to crash or run programs as your login if it opened a specially crafted Java applet. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1693-1 CVE-2012-3174 CVE-2013-0422 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18247 | |||
| Oval ID: | oval:org.mitre.oval:def:18247 | ||
| Title: | USN-1755-2 -- openjdk-7 vulnerabilities | ||
| Description: | OpenJDK could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1755-2 CVE-2013-0809 CVE-2013-1493 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 | Product(s): | openjdk-7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18302 | |||
| Oval ID: | oval:org.mitre.oval:def:18302 | ||
| Title: | USN-1732-1 -- openssl vulnerabilities | ||
| Description: | Several security issues were fixed in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1732-1 CVE-2012-2686 CVE-2013-0166 CVE-2013-0169 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18565 | |||
| Oval ID: | oval:org.mitre.oval:def:18565 | ||
| Title: | DSA-2621-1 openssl - several vulnerabilities | ||
| Description: | Multiple vulnerabilities have been found in OpenSSL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2621-1 CVE-2013-0166 CVE-2013-0169 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19010 | |||
| Oval ID: | oval:org.mitre.oval:def:19010 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0443 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19016 | |||
| Oval ID: | oval:org.mitre.oval:def:19016 | ||
| Title: | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | VisualSVN Server |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19078 | |||
| Oval ID: | oval:org.mitre.oval:def:19078 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0435 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19131 | |||
| Oval ID: | oval:org.mitre.oval:def:19131 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0424 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19246 | |||
| Oval ID: | oval:org.mitre.oval:def:19246 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1493 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19261 | |||
| Oval ID: | oval:org.mitre.oval:def:19261 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0426 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19285 | |||
| Oval ID: | oval:org.mitre.oval:def:19285 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0440 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19289 | |||
| Oval ID: | oval:org.mitre.oval:def:19289 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0441 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19304 | |||
| Oval ID: | oval:org.mitre.oval:def:19304 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0445 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19320 | |||
| Oval ID: | oval:org.mitre.oval:def:19320 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0809 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19325 | |||
| Oval ID: | oval:org.mitre.oval:def:19325 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1475 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19349 | |||
| Oval ID: | oval:org.mitre.oval:def:19349 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0444 | Version: | 12 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19363 | |||
| Oval ID: | oval:org.mitre.oval:def:19363 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0450 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19382 | |||
| Oval ID: | oval:org.mitre.oval:def:19382 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0443 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19388 | |||
| Oval ID: | oval:org.mitre.oval:def:19388 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1485 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19418 | |||
| Oval ID: | oval:org.mitre.oval:def:19418 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0431 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19424 | |||
| Oval ID: | oval:org.mitre.oval:def:19424 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19428 | |||
| Oval ID: | oval:org.mitre.oval:def:19428 | ||
| Title: | HP-UX Apache Web Server, Remote Denial of Service (DoS) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 7 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19434 | |||
| Oval ID: | oval:org.mitre.oval:def:19434 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0442 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19457 | |||
| Oval ID: | oval:org.mitre.oval:def:19457 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0429 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19459 | |||
| Oval ID: | oval:org.mitre.oval:def:19459 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0433 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19466 | |||
| Oval ID: | oval:org.mitre.oval:def:19466 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1476 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19469 | |||
| Oval ID: | oval:org.mitre.oval:def:19469 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1486 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19480 | |||
| Oval ID: | oval:org.mitre.oval:def:19480 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0428 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19483 | |||
| Oval ID: | oval:org.mitre.oval:def:19483 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0425 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19488 | |||
| Oval ID: | oval:org.mitre.oval:def:19488 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0427 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19489 | |||
| Oval ID: | oval:org.mitre.oval:def:19489 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0432 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19504 | |||
| Oval ID: | oval:org.mitre.oval:def:19504 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1480 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19505 | |||
| Oval ID: | oval:org.mitre.oval:def:19505 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0434 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19508 | |||
| Oval ID: | oval:org.mitre.oval:def:19508 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1484 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19529 | |||
| Oval ID: | oval:org.mitre.oval:def:19529 | ||
| Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-1478 | Version: | 11 |
| Platform(s): | HP-UX 11 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19608 | |||
| Oval ID: | oval:org.mitre.oval:def:19608 | ||
| Title: | Multiple OpenSSL vulnerabilities | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 5 |
| Platform(s): | IBM AIX 5.3 IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20157 | |||
| Oval ID: | oval:org.mitre.oval:def:20157 | ||
| Title: | RHSA-2013:0246: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0246-00 CESA-2013:0246 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 283 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20185 | |||
| Oval ID: | oval:org.mitre.oval:def:20185 | ||
| Title: | RHSA-2013:0601: java-1.6.0-sun security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0601-02 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20333 | |||
| Oval ID: | oval:org.mitre.oval:def:20333 | ||
| Title: | RHSA-2013:0605: java-1.6.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0605-02 CESA-2013:0605 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20562 | |||
| Oval ID: | oval:org.mitre.oval:def:20562 | ||
| Title: | RHSA-2013:0156: java-1.7.0-oracle security update (Critical) | ||
| Description: | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0156-01 CVE-2012-3174 CVE-2013-0422 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20575 | |||
| Oval ID: | oval:org.mitre.oval:def:20575 | ||
| Title: | RHSA-2013:0274: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0274-00 CESA-2013:0274 CVE-2013-0169 CVE-2013-1486 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20744 | |||
| Oval ID: | oval:org.mitre.oval:def:20744 | ||
| Title: | RHSA-2013:0602: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0602-01 CESA-2013:0602 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20766 | |||
| Oval ID: | oval:org.mitre.oval:def:20766 | ||
| Title: | RHSA-2013:0273: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0273-01 CESA-2013:0273 CVE-2013-0169 CVE-2013-1486 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20775 | |||
| Oval ID: | oval:org.mitre.oval:def:20775 | ||
| Title: | RHSA-2013:0604: java-1.6.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0604-00 CESA-2013:0604 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20778 | |||
| Oval ID: | oval:org.mitre.oval:def:20778 | ||
| Title: | RHSA-2013:0275: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0275-01 CESA-2013:0275 CVE-2013-0169 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 | Version: | 59 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20786 | |||
| Oval ID: | oval:org.mitre.oval:def:20786 | ||
| Title: | VMware vSphere, ESX and ESXi updates to third party libraries | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20822 | |||
| Oval ID: | oval:org.mitre.oval:def:20822 | ||
| Title: | RHSA-2013:0165: java-1.7.0-openjdk security update (Important) | ||
| Description: | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0165-01 CESA-2013:0165 CVE-2012-3174 CVE-2013-0422 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20835 | |||
| Oval ID: | oval:org.mitre.oval:def:20835 | ||
| Title: | RHSA-2013:0245: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0245-02 CESA-2013:0245 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 283 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20870 | |||
| Oval ID: | oval:org.mitre.oval:def:20870 | ||
| Title: | RHSA-2013:0600: java-1.7.0-oracle security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0600-02 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20981 | |||
| Oval ID: | oval:org.mitre.oval:def:20981 | ||
| Title: | RHSA-2013:0247: java-1.7.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0247-01 CESA-2013:0247 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 311 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21079 | |||
| Oval ID: | oval:org.mitre.oval:def:21079 | ||
| Title: | RHSA-2013:0587: openssl security update (Moderate) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0587-01 CESA-2013:0587 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 45 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21156 | |||
| Oval ID: | oval:org.mitre.oval:def:21156 | ||
| Title: | RHSA-2013:0603: java-1.7.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0603-00 CESA-2013:0603 CVE-2013-0809 CVE-2013-1493 | Version: | 31 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22881 | |||
| Oval ID: | oval:org.mitre.oval:def:22881 | ||
| Title: | ELSA-2013:0246: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0246-00 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 85 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23009 | |||
| Oval ID: | oval:org.mitre.oval:def:23009 | ||
| Title: | ELSA-2013:0603: java-1.7.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0603-00 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23179 | |||
| Oval ID: | oval:org.mitre.oval:def:23179 | ||
| Title: | ELSA-2013:0602: java-1.7.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0602-01 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23321 | |||
| Oval ID: | oval:org.mitre.oval:def:23321 | ||
| Title: | ELSA-2013:0274: java-1.6.0-openjdk security update (Important) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0274-00 CVE-2013-0169 CVE-2013-1486 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23342 | |||
| Oval ID: | oval:org.mitre.oval:def:23342 | ||
| Title: | ELSA-2012:1466: java-1.6.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1466-01 CVE-2012-0547 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-1682 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-1475 | Version: | 97 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23436 | |||
| Oval ID: | oval:org.mitre.oval:def:23436 | ||
| Title: | ELSA-2013:0604: java-1.6.0-openjdk security update (Important) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0604-00 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23437 | |||
| Oval ID: | oval:org.mitre.oval:def:23437 | ||
| Title: | ELSA-2012:1465: java-1.5.0-ibm security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1465-01 CVE-2012-1531 CVE-2012-3143 CVE-2012-3216 CVE-2012-4820 CVE-2012-4822 CVE-2012-5069 CVE-2012-5071 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-1475 | Version: | 65 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23455 | |||
| Oval ID: | oval:org.mitre.oval:def:23455 | ||
| Title: | DEPRECATED: ELSA-2013:0165: java-1.7.0-openjdk security update (Important) | ||
| Description: | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0165-01 CVE-2012-3174 CVE-2013-0422 | Version: | 14 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23489 | |||
| Oval ID: | oval:org.mitre.oval:def:23489 | ||
| Title: | DEPRECATED: ELSA-2013:0587: openssl security update (Moderate) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 18 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23559 | |||
| Oval ID: | oval:org.mitre.oval:def:23559 | ||
| Title: | ELSA-2013:0165: java-1.7.0-openjdk security update (Important) | ||
| Description: | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0165-01 CVE-2012-3174 CVE-2013-0422 | Version: | 13 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23803 | |||
| Oval ID: | oval:org.mitre.oval:def:23803 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1485 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23877 | |||
| Oval ID: | oval:org.mitre.oval:def:23877 | ||
| Title: | ELSA-2013:0156: java-1.7.0-oracle security update (Critical) | ||
| Description: | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0156-01 CVE-2012-3174 CVE-2013-0422 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23891 | |||
| Oval ID: | oval:org.mitre.oval:def:23891 | ||
| Title: | ELSA-2013:0273: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0273-01 CVE-2013-0169 CVE-2013-1486 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23909 | |||
| Oval ID: | oval:org.mitre.oval:def:23909 | ||
| Title: | ELSA-2013:0587: openssl security update (Moderate) | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0587-01 CVE-2012-4929 CVE-2013-0166 CVE-2013-0169 | Version: | 17 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23933 | |||
| Oval ID: | oval:org.mitre.oval:def:23933 | ||
| Title: | ELSA-2013:0245: java-1.6.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0245-02 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 85 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23975 | |||
| Oval ID: | oval:org.mitre.oval:def:23975 | ||
| Title: | ELSA-2013:0601: java-1.6.0-sun security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0601-02 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-sun |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24070 | |||
| Oval ID: | oval:org.mitre.oval:def:24070 | ||
| Title: | ELSA-2013:0605: java-1.6.0-openjdk security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0605-02 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24072 | |||
| Oval ID: | oval:org.mitre.oval:def:24072 | ||
| Title: | ELSA-2013:0600: java-1.7.0-oracle security update (Critical) | ||
| Description: | The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0600-02 CVE-2013-0809 CVE-2013-1493 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-oracle |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24141 | |||
| Oval ID: | oval:org.mitre.oval:def:24141 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1486 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24250 | |||
| Oval ID: | oval:org.mitre.oval:def:24250 | ||
| Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1484 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24405 | |||
| Oval ID: | oval:org.mitre.oval:def:24405 | ||
| Title: | Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24938 | |||
| Oval ID: | oval:org.mitre.oval:def:24938 | ||
| Title: | OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks | ||
| Description: | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0169 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25811 | |||
| Oval ID: | oval:org.mitre.oval:def:25811 | ||
| Title: | SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm | ||
| Description: | IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0701-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 CVE-2013-0169 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | java-1_7_0-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25872 | |||
| Oval ID: | oval:org.mitre.oval:def:25872 | ||
| Title: | SUSE-SU-2013:0710-1 -- Security update for IBM Java | ||
| Description: | IBM Java 1.4.2 has been updated to SR13 FP16 which fixes bugs and security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0710-1 CVE-2013-0485 CVE-2013-0809 CVE-2013-1493 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | IBM Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25894 | |||
| Oval ID: | oval:org.mitre.oval:def:25894 | ||
| Title: | SUSE-SU-2013:0440-1 -- Security update for Java | ||
| Description: | IBM Java 7 was updated to SR4, fixing various critical security issues and bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0440-1 CVE-2013-1487 CVE-2013-1486 CVE-2013-1478 CVE-2013-0445 CVE-2013-1480 CVE-2013-0441 CVE-2013-1476 CVE-2012-1541 CVE-2013-0446 CVE-2012-3342 CVE-2013-0442 CVE-2013-0450 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2012-3213 CVE-2013-0419 CVE-2013-0423 CVE-2013-0351 CVE-2013-0432 CVE-2013-1473 CVE-2013-0435 CVE-2013-0434 CVE-2013-0409 CVE-2013-0427 CVE-2013-0433 CVE-2013-0424 CVE-2013-0440 CVE-2013-0438 CVE-2013-0443 CVE-2013-1484 CVE-2013-1485 CVE-2013-0437 CVE-2013-0444 CVE-2013-0449 CVE-2013-0431 CVE-2013-0422 CVE-2012-3174 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25934 | |||
| Oval ID: | oval:org.mitre.oval:def:25934 | ||
| Title: | SUSE-SU-2013:0434-1 -- Security update for Java | ||
| Description: | This release of Icedtea6-1.12.4 fixes the following two issues that allowed a remote attacker to execute arbitrary code remotely by providing crafted images to the affected code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0434-1 CVE-2013-0809 CVE-2013-1493 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:25940 | |||
| Oval ID: | oval:org.mitre.oval:def:25940 | ||
| Title: | SUSE-SU-2013:0440-2 -- Security update for Java | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0440-2 CVE-2013-1478 CVE-2013-1480 CVE-2013-1476 CVE-2013-0442 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2013-1481 CVE-2013-0432 CVE-2013-0434 CVE-2013-0424 CVE-2013-0440 CVE-2013-0443 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26128 | |||
| Oval ID: | oval:org.mitre.oval:def:26128 | ||
| Title: | SUSE-SU-2013:0315-1 -- Security update for Java 1.6.0 | ||
| Description: | java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0315-1 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0429 CVE-2013-0432 CVE-2013-0443 CVE-2013-0440 CVE-2013-0442 CVE-2013-0428 CVE-2013-0441 CVE-2013-0435 CVE-2013-0433 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-0434 CVE-2013-1478 CVE-2013-1480 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java 1.6.0 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26214 | |||
| Oval ID: | oval:org.mitre.oval:def:26214 | ||
| Title: | SUSE-SU-2013:0328-1 -- Security update for Java | ||
| Description: | java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0328-1 CVE-2013-1486 CVE-2013-0169 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:26262 | |||
| Oval ID: | oval:org.mitre.oval:def:26262 | ||
| Title: | SUSE-SU-2013:0440-3 -- Security update for Java | ||
| Description: | IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:0440-3 CVE-2013-1478 CVE-2013-1480 CVE-2013-1476 CVE-2013-0442 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2013-1481 CVE-2013-0432 CVE-2013-0434 CVE-2013-0424 CVE-2013-0440 CVE-2013-0443 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26692 | |||
| Oval ID: | oval:org.mitre.oval:def:26692 | ||
| Title: | DEPRECATED: ELSA-2013-0604 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [ 1:1.6.0.0-1.36.1.11.9.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.36.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917176 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0604 CVE-2013-1493 CVE-2013-0809 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27328 | |||
| Oval ID: | oval:org.mitre.oval:def:27328 | ||
| Title: | DEPRECATED: ELSA-2013-0274 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [ 1:1.6.0.0-1.35.1.11.8.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.35.1.11.8] - Rebuild with updated source tarball - Resolves: rhbz#911522 [1:1.6.0.0-1.34.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but valid - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911522 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0274 CVE-2013-0169 CVE-2013-1486 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27449 | |||
| Oval ID: | oval:org.mitre.oval:def:27449 | ||
| Title: | DEPRECATED: ELSA-2013-0165 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.9-2.3.4.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.4.1.el6] - Rewerted to IcedTea 2.3.4 - rewerted patch105: java-1.7.0-openjdk-disable-system-lcms.patch - removed jxmd and idlj to alternatives - make NOT executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - re-applied patch302 and restored systemtap.patch - buildver set to 9 - icedtea_version set to 2.3.4 - unapplied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - restored tmp-patches source tarball - removed /lib/security/US_export_policy.jar and lib/security/local_policy.jar - java-1.7.0-openjdk-java-access-bridge-security.patch's path moved from java.security-linux back to java.security - Resolves: rhbz#895033 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Resolves: rhbz#895033 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0165 CVE-2012-3174 CVE-2013-0422 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27509 | |||
| Oval ID: | oval:org.mitre.oval:def:27509 | ||
| Title: | DEPRECATED: ELSA-2013-0246 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.33.1.11.6] - removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch - added patch9: 7201064.patch to be reverted - added patch10: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906705 [1:1.6.0.0-1.32.1.11.6] - added patch9 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906705 [1:1.6.0.0-1.31.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906705 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0246 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27551 | |||
| Oval ID: | oval:org.mitre.oval:def:27551 | ||
| Title: | DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0275 CVE-2013-1485 CVE-2013-1484 CVE-2013-1486 CVE-2013-0169 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27569 | |||
| Oval ID: | oval:org.mitre.oval:def:27569 | ||
| Title: | DEPRECATED: ELSA-2013-0605 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.57.1.11.9] - Updated to icedtea6 1.11.9 - Resolves: rhbz#917179 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0605 CVE-2013-1493 CVE-2013-0809 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27572 | |||
| Oval ID: | oval:org.mitre.oval:def:27572 | ||
| Title: | DEPRECATED: ELSA-2013-0603 -- java-1.7.0-openjdk security update (important) | ||
| Description: | [1.7.0.9-2.3.8.0.0.1.el5_9] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.9-2.3.8.0.el5_9] - Updated to icedtea7-forest-2.3 - Resolves: rhbz#917181 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0603 CVE-2013-0809 CVE-2013-1493 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27578 | |||
| Oval ID: | oval:org.mitre.oval:def:27578 | ||
| Title: | DEPRECATED: ELSA-2013-0273 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.56.1.11.8] - Rebuild with updated sources - Resolves: rhbz#911524 [1:1.6.0.0-1.55.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but working - Resolves: rhbz#911524 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0273 CVE-2013-0169 CVE-2013-1486 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27593 | |||
| Oval ID: | oval:org.mitre.oval:def:27593 | ||
| Title: | DEPRECATED: ELSA-2013-0602 -- java-1.7.0-openjdk security update (critical) | ||
| Description: | [1.7.0.9-2.3.8.0.0.1.el6_4] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.8.0el6] - Revert to rhel 6.3 version of spec file - Revert to icedtea7 2.3.8 forest - Resolves: rhbz#917183 [1.7.0.11-2.4.0.pre5.el6] - Update to latest snapshot of icedtea7 2.4 forest - Resolves: rhbz#917183 [1.7.0.9-2.4.0.pre4.3.el6] - Updated to icedtea 2.4.0.pre4, - Rewritten (again) patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre3.3.el6] - Updated to icedtea 2.4.0.pre3, updated! - Rewritten patch3 java-1.7.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911530 [1.7.0.9-2.4.0.pre2.3.el6] - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.4.0.pre2, updated? - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911530 [1.7.0.11-2.4.0.2.el6] - Unapplied but kept (for 2.3revert) patch110, java-1.7.0-openjdk-nss-icedtea-e9c857dcb964.patch - Added and applied patch113: java-1.7.0-openjdk-aes-update_reset.patch - Added and applied patch114: java-1.7.0-openjdk-nss-tck.patch - Added and applied patch115: java-1.7.0-openjdk-nss-split_results.patch - NSS enabled by default - enable_nss set to 1 - rewritten patch109 - java-1.7.0-openjdk-nss-config-1.patch - rewritten patch111 - java-1.7.0-openjdk-nss-config-2.patch - Resolves: rhbz#831734 [1.7.0.11-2.4.0.1.el6] - Rewritten patch105: java-1.7.0-openjdk-disable-system-lcms.patch - Added jxmd and idlj to alternatives - make executed with DISABLE_INTREE_EC=true and UNLIMITED_CRYPTO=true - Unapplied patch302 and deleted systemtap.patch - buildver increased to 11 - icedtea_version set to 2.4.0 - Added and applied patch112 java-1.7.openjdk-doNotUseDisabledEcc.patch - removed tmp-patches source tarball - Added /lib/security/US_export_policy.jar and lib/security/local_policy.jar - Disabled nss - enable_nss set to 0 - Resolves: rhbz#895034 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0602 CVE-2013-0809 CVE-2013-1493 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27605 | |||
| Oval ID: | oval:org.mitre.oval:def:27605 | ||
| Title: | DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate) | ||
| Description: | [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0587 CVE-2013-0166 CVE-2012-4929 CVE-2013-0169 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27631 | |||
| Oval ID: | oval:org.mitre.oval:def:27631 | ||
| Title: | DEPRECATED: ELSA-2013-0245 -- java-1.6.0-openjdk security update (critical) | ||
| Description: | [1:1.6.0.0-1.54.1.11.6] - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906707 [1:1.6.0.0-1.53.1.11.6] - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906707 [1:1.6.0.0-1.51.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906707 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0245 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Java MBeanInstantiator findClass and Introspector Sandbox Escape | More info here |
| Java Runtime Environment Color Management memory overwrite | More info here |
| Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-03-29 | Java CMM Remote Code Execution |
| 2013-02-25 | Java Applet JMX Remote Code Execution |
| 2013-01-11 | Java Applet JMX Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
| 2013-09-19 | IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE) Severity : Category I - VMSKEY : V0040371 |
| 2013-09-19 | IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces... Severity : Category I - VMSKEY : V0040372 |
| 2013-09-19 | IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373 |
| 2013-04-11 | IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL Severity : Category I - VMSKEY : V0037605 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-11-16 | CottonCastle exploit kit Oracle java outbound connection RuleID : 31278 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-11-16 | CottonCastle exploit kit Oracle Java outbound connection RuleID : 31277 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-03-06 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 29606 - Revision : 4 - Type : FILE-JAVA |
| 2014-03-06 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 29605 - Revision : 3 - Type : FILE-JAVA |
| 2014-02-21 | Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-02-21 | Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-30 | Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-11 | Neutrino exploit kit initial outbound request - generic detection RuleID : 28911 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request by Java - generic detection RuleID : 28476 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request - generic detection RuleID : 28475 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound plugin detection response - generic detection RuleID : 28474 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28460 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28459 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 28458 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28457 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28456 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28455 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Win.Trojan.Bspire variant connection RuleID : 28439 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Nuclear/Magnitude exploit kit Oracle Java exploit download attempt RuleID : 28414 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude exploit kit embedded redirection attempt RuleID : 28413 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude exploit kit embedded redirection attempt RuleID : 28412 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28304 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28298 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28275 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28274 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28273 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude/Nuclear exploit kit landing page RuleID : 28236 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28214 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear/Magnitude exploit kit post Java compromise download attempt RuleID : 28111 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear/Magnitude exploit kit Oracle Java exploit download attempt RuleID : 28109 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt RuleID : 28108 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28032 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 28031 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Magnitude/Popads/Nuclear exploit kit jnlp request RuleID : 28029 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit outbound request format RuleID : 27785 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 27784 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 27113-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 27113 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Nailed exploit kit jmxbean remote code execution exploit download - autopwn RuleID : 27083 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 26950-community - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit Zeroaccess download attempt RuleID : 26950 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download RuleID : 26948-community - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download RuleID : 26948 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Goon/Infinity/Redkit exploit kit short jar request RuleID : 26808 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26807 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit short JNLP request RuleID : 26806 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit encrypted binary download RuleID : 26805 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26653 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java runtime JMX findclass sandbox breach attempt RuleID : 26588 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java runtime JMX findclass sandbox breach attempt RuleID : 26587 - Revision : 9 - Type : FILE-JAVA |
| 2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit pdf download detection RuleID : 26539 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit landing page received RuleID : 26538 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit jar download detection RuleID : 26537 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT |
| 2018-06-15 | Stamp exploit kit portable executable download RuleID : 26534-community - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit portable executable download RuleID : 26534 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26384 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26383 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26377 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26351 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | TDS redirection - may lead to exploit kit RuleID : 26350 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit obfuscated portable executable RuleID : 26349 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit delivery RuleID : 26348 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit java exploit request RuleID : 26347 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit payload requested RuleID : 26346 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 26345 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page redirection RuleID : 26344 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Watering Hole Campaign applet download RuleID : 26294 - Revision : 5 - Type : FILE-OTHER |
| 2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Impact exploit kit landing page RuleID : 26252 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt RuleID : 26200 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib LookupOp integer overflow attempt RuleID : 26199 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 26198 - Revision : 8 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt RuleID : 26197 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib LookupOp integer overflow attempt RuleID : 26196 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt RuleID : 26195 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Neutrino exploit kit redirection page RuleID : 26100 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit redirection page RuleID : 26099 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26098 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26097 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 26096 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Neutrino exploit kit landing page RuleID : 26095 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit - Java exploit download RuleID : 26039 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Crimeboss exploit kit - Java exploit download RuleID : 26038 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Known malicious jar archive download attempt RuleID : 26030 - Revision : 3 - Type : FILE-OTHER |
| 2014-01-10 | Java user-agent request to svchost.jpg RuleID : 26025 - Revision : 3 - Type : INDICATOR-COMPROMISE |
| 2014-01-10 | Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 25989 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit landing page RuleID : 25988 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit redirection RuleID : 25971 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25834 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java malicious class download attempt RuleID : 25833 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25832 - Revision : 7 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25831 - Revision : 5 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java malicious class download attempt RuleID : 25830 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | SSLv3 plaintext recovery attempt RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | TLSv1.2 plaintext recovery attempt RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | TLSv1.1 plaintext recovery attempt RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | TLSv1.0 plaintext recovery attempt RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER |
| 2014-01-10 | Whitehole exploit kit landing page RuleID : 25806 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit Java exploit retrieval RuleID : 25805 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Whitehole exploit kit malicious jar download attempt RuleID : 25804 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit encoded portable executable request RuleID : 25802 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit jar file request RuleID : 25801 - Revision : 10 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit Javascript request RuleID : 25800 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Stamp exploit kit pdf request RuleID : 25799 - Revision : 11 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Red Dot executable retrieval attempt RuleID : 25540 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Red Dot java retrieval attempt RuleID : 25539 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Red Dot landing page RuleID : 25538 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25473 - Revision : 6 - Type : FILE-JAVA |
| 2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25472 - Revision : 12 - Type : FILE-JAVA |
| 2014-01-10 | Multiple exploit kit malicious jar archive download RuleID : 25302 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | redirect to malicious java archive attempt RuleID : 25301 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Redkit exploit kit redirection attempt RuleID : 25255 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT |
| 2014-01-10 | Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Sibhost exploit kit outbound JAR download attempt RuleID : 24841 - Revision : 5 - Type : EXPLOIT-KIT |
| 2014-01-10 | Possible malicious Jar download attempt - specific-structure RuleID : 24798-community - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Possible malicious Jar download attempt - specific-structure RuleID : 24798 - Revision : 5 - Type : EXPLOIT-KIT |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-09-27 | Name : The remote Debian host is missing a security update. File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO |
| 2016-11-21 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO |
| 2015-01-13 | Name : The remote host has a library installed that is affected by an information di... File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO |
| 2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
| 2014-12-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO |
| 2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by multiple vulnerabilities. File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO |
| 2014-08-11 | Name : The remote backup service is affected by an information disclosure vulnerabil... File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO |
| 2014-07-14 | Name : The remote mail server is affected by an information disclosure vulnerability. File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-18 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-131.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-165.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-198.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-230.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-47.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO |
| 2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
| 2014-01-20 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2013-12-18 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp9.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-10-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-09-20 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote device is missing a vendor-supplied security patch. File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-151.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-155.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-156.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-167.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-168.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO |
| 2013-08-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO |
| 2013-08-02 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO |
| 2013-07-23 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO |
| 2013-07-19 | Name : The remote application server is potentially affected by multiple vulnerabili... File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO |
| 2013-07-16 | Name : The remote device is missing a vendor-supplied security patch. File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0165.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0602.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0603.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0604.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0605.nasl - Type : ACT_GATHER_INFO |
| 2013-07-10 | Name : The remote host has a library installed that is affected by an information di... File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO |
| 2013-06-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO |
| 2013-06-06 | Name : The remote web server contains an application that is affected by multiple vu... File : splunk_503.nasl - Type : ACT_GATHER_INFO |
| 2013-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO |
| 2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO |
| 2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO |
| 2013-04-30 | Name : The remote host is affected by multiple vulnerabilities. File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130415.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8543.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-8542.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO |
| 2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO |
| 2013-04-03 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO |
| 2013-03-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO |
| 2013-03-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO |
| 2013-03-26 | Name : The remote Windows host contains a program that is affected by multiple vulne... File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO |
| 2013-03-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130312.nasl - Type : ACT_GATHER_INFO |
| 2013-03-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-8483.nasl - Type : ACT_GATHER_INFO |
| 2013-03-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8495.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3468.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130306.nasl - Type : ACT_GATHER_INFO |
| 2013-03-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8481.nasl - Type : ACT_GATHER_INFO |
| 2013-03-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130307.nasl - Type : ACT_GATHER_INFO |
| 2013-03-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0624.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0625.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0602.nasl - Type : ACT_GATHER_INFO |
| 2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0605.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0603.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130306_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1755-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0604.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2013-3467.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0600.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0601.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0602.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0603.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0604.nasl - Type : ACT_GATHER_INFO |
| 2013-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0605.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java5_update41.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java5_update41_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java6_update43.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java6_update43_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java7_update17.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote host contains a runtime environment that can allow code execution. File : oracle_java7_update17_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-03-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1755-1.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update14.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-002.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO |
| 2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO |
| 2013-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO |
| 2013-02-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
| 2013-02-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO |
| 2013-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote host contains a programming platform that is potentially affected ... File : oracle_java7_update11_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO |
| 2013-02-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130212.nasl - Type : ACT_GATHER_INFO |
| 2013-02-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update13.nasl - Type : ACT_GATHER_INFO |
| 2013-02-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-001.nasl - Type : ACT_GATHER_INFO |
| 2013-02-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1724-1.nasl - Type : ACT_GATHER_INFO |
| 2013-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO |
| 2013-02-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO |
| 2013-02-13 | Name : The remote service may be affected by an information disclosure vulnerability. File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO |
| 2013-02-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130205_jdk_1_6_0_on_SL_5_0.nasl - Type : ACT_GATHER_INFO |
| 2013-02-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-010.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2188.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2197.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2205.nasl - Type : ACT_GATHER_INFO |
| 2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2209.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO |
| 2013-02-09 | Name : The remote host may be affected by multiple vulnerabilities. File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO |
| 2013-02-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO |
| 2013-02-06 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1898.nasl - Type : ACT_GATHER_INFO |
| 2013-02-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update12.nasl - Type : ACT_GATHER_INFO |
| 2013-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0236.nasl - Type : ACT_GATHER_INFO |
| 2013-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0237.nasl - Type : ACT_GATHER_INFO |
| 2013-02-04 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1485.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0165.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-0853.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-0868.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Fedora host is missing a security update. File : fedora_2013-0888.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d5e0317e5e4511e2a113c48508086173.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0165.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130116_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1693-1.nasl - Type : ACT_GATHER_INFO |
| 2013-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0156.nasl - Type : ACT_GATHER_INFO |
| 2013-01-14 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java7_update11.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1465.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1466.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1467.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:43:35 |
|
| 2013-04-10 13:18:27 |
|
