Executive Summary

Summary
Title java-1.7.0-ibm security update
Informations
Name RHSA-2015:0134 First vendor Publication 2015-02-05
Vendor RedHat Last vendor Modification 2015-02-05
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-8891, CVE-2014-8892, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR8-FP10 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1183021 - CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367) 1183023 - CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309) 1183043 - CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304) 1183044 - CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485) 1183049 - CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555) 1183645 - CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489) 1183646 - CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276) 1183660 - CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314) 1183715 - CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264) 1184275 - CVE-2015-0403 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1184277 - CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment) 1189142 - CVE-2014-8891 IBM JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update 1189145 - CVE-2014-8892 IBM JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2015-0134.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27941
 
Oval ID: oval:org.mitre.oval:def:27941
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28009
 
Oval ID: oval:org.mitre.oval:def:28009
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28015
 
Oval ID: oval:org.mitre.oval:def:28015
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28035
 
Oval ID: oval:org.mitre.oval:def:28035
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28179
 
Oval ID: oval:org.mitre.oval:def:28179
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28221
 
Oval ID: oval:org.mitre.oval:def:28221
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.
Family: unix Class: vulnerability
Reference(s): CVE-2014-8891
Version: 5
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28224
 
Oval ID: oval:org.mitre.oval:def:28224
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28251
 
Oval ID: oval:org.mitre.oval:def:28251
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28327
 
Oval ID: oval:org.mitre.oval:def:28327
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28357
 
Oval ID: oval:org.mitre.oval:def:28357
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28427
 
Oval ID: oval:org.mitre.oval:def:28427
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28445
 
Oval ID: oval:org.mitre.oval:def:28445
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28446
 
Oval ID: oval:org.mitre.oval:def:28446
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28455
 
Oval ID: oval:org.mitre.oval:def:28455
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28462
 
Oval ID: oval:org.mitre.oval:def:28462
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28510
 
Oval ID: oval:org.mitre.oval:def:28510
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28516
 
Oval ID: oval:org.mitre.oval:def:28516
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28536
 
Oval ID: oval:org.mitre.oval:def:28536
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28563
 
Oval ID: oval:org.mitre.oval:def:28563
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28628
 
Oval ID: oval:org.mitre.oval:def:28628
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28637
 
Oval ID: oval:org.mitre.oval:def:28637
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6593
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28715
 
Oval ID: oval:org.mitre.oval:def:28715
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28721
 
Oval ID: oval:org.mitre.oval:def:28721
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28733
 
Oval ID: oval:org.mitre.oval:def:28733
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28777
 
Oval ID: oval:org.mitre.oval:def:28777
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28801
 
Oval ID: oval:org.mitre.oval:def:28801
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28809
 
Oval ID: oval:org.mitre.oval:def:28809
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelated to 2D, a different vulnerability than CVE-2014-6591.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6585
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28814
 
Oval ID: oval:org.mitre.oval:def:28814
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28819
 
Oval ID: oval:org.mitre.oval:def:28819
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6587
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28820
 
Oval ID: oval:org.mitre.oval:def:28820
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28839
 
Oval ID: oval:org.mitre.oval:def:28839
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6549
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28852
 
Oval ID: oval:org.mitre.oval:def:28852
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0408
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28855
 
Oval ID: oval:org.mitre.oval:def:28855
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28857
 
Oval ID: oval:org.mitre.oval:def:28857
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28860
 
Oval ID: oval:org.mitre.oval:def:28860
Title: Multiple vulnerabilities in current releases of the IBM® SDK,Java Technology Edition
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0406
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28872
 
Oval ID: oval:org.mitre.oval:def:28872
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28873
 
Oval ID: oval:org.mitre.oval:def:28873
Title: Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28877
 
Oval ID: oval:org.mitre.oval:def:28877
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0407
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28900
 
Oval ID: oval:org.mitre.oval:def:28900
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0412
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28931
 
Oval ID: oval:org.mitre.oval:def:28931
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6591
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28939
 
Oval ID: oval:org.mitre.oval:def:28939
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0403
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28972
 
Oval ID: oval:org.mitre.oval:def:28972
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2014-6549
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29003
 
Oval ID: oval:org.mitre.oval:def:29003
Title: JRE and JDK Vulnerability on HPUX
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2015-0410
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 55
Application 6
Application 6
Application 2
Os 4
Os 2
Os 1
Os 1
Os 1
Os 1
Os 4

Nessus® Vulnerability Scanner

Date Description
2016-03-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201603-14.nasl - Type : ACT_GATHER_INFO
2015-10-14 Name : The remote Fedora host is missing a security update.
File : fedora_2015-16314.nasl - Type : ACT_GATHER_INFO
2015-09-24 Name : The remote Fedora host is missing a security update.
File : fedora_2015-16315.nasl - Type : ACT_GATHER_INFO
2015-08-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3323.nasl - Type : ACT_GATHER_INFO
2015-07-14 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201507-14.nasl - Type : ACT_GATHER_INFO
2015-06-18 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-1073-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0503-1.nasl - Type : ACT_GATHER_INFO
2015-05-15 Name : The remote Debian host is missing a security update.
File : debian_DLA-219.nasl - Type : ACT_GATHER_INFO
2015-05-01 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-05-01 Name : The remote host has an update manager installed that is affected by a Java Ru...
File : vmware_vcenter_update_mgr_vmsa-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-20 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_vcenter_chargeback_manager_vmsa_2015_0003.nasl - Type : ACT_GATHER_INFO
2015-04-13 Name : The remote host has a device management application installed that is affecte...
File : vmware_workspace_portal_vmsa2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-13 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_horizon_view_VMSA-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-198.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote Linux host has a virtualization application installed that is miss...
File : vcenter_operations_manager_vmsa_2015-0003-linux.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote Windows host has a virtualization application installed that is mi...
File : vcenter_operations_manager_vmsa_2015-0003-win.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host has a virtualization application installed that is missing a ...
File : vcenter_operations_manager_vmsa_2015-0003-vapp.nasl - Type : ACT_GATHER_INFO
2015-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3569.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-161.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-157.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3590.nasl - Type : ACT_GATHER_INFO
2015-03-17 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_7_0_0_37.nasl - Type : ACT_GATHER_INFO
2015-03-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3187.nasl - Type : ACT_GATHER_INFO
2015-03-11 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2522-3.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2522-2.nasl - Type : ACT_GATHER_INFO
2015-03-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2522-1.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0264.nasl - Type : ACT_GATHER_INFO
2015-02-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0263.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote AIX host has a version of Java SDK installed that is affected by m...
File : aix_java_feb2015_advisory.nasl - Type : ACT_GATHER_INFO
2015-02-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-150210.nasl - Type : ACT_GATHER_INFO
2015-02-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-150210.nasl - Type : ACT_GATHER_INFO
2015-02-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-150206.nasl - Type : ACT_GATHER_INFO
2015-02-13 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-480.nasl - Type : ACT_GATHER_INFO
2015-02-09 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-033.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0136.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0135.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0134.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0133.nasl - Type : ACT_GATHER_INFO
2015-02-03 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-91.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3147.nasl - Type : ACT_GATHER_INFO
2015-01-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3144.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2487-1.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2486-1.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150126_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0086.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0085.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0079.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-471.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-472.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0080.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150121_java_1_8_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150121_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150121_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Unix host contains a programming platform that is affected by mult...
File : oracle_java_cpu_jan_2015_unix.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_java_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0067.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Windows host contains a programming platform that is affected by m...
File : oracle_jrockit_cpu_jan_2015.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0069.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0068.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-03-07 05:25:42
  • Multiple Updates
2015-02-07 13:25:24
  • Multiple Updates
2015-02-06 00:19:58
  • First insertion