Executive Summary

Summary
Title Java contains multiple vulnerabilities
Informations
Name VU#858729 First vendor Publication 2013-02-01
Vendor VU-CERT Last vendor Modification 2013-03-18
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#858729

Java contains multiple vulnerabilities

Original Release date: 01 Feb 2013 | Last revised: 18 Mar 2013

Overview

Java 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The Oracle Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems.

The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document states, "If there is a security manager already installed, this method first calls the security manager's checkPermission method with a RuntimePermission("setSecurityManager") permission to ensure it's safe to replace the existing security manager. This may result in throwing a SecurityException".

By leveraging a number of vulnerabilities, an untrusted Java applet can escalate its privileges to allow full privileges, without requiring code signing. Other vulnerabilities can cause exploitable memory corruption, which could affect Java applets, as well as Java applications, depending on what the Java application does and how it may process untrusted data. Oracle Java 7 Update 11, Java 6 Update 38, and earlier Java versions are affected.

At least one of these vulnerabilities is reportedly being exploited in the wild.

Impact

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for these vulnerabilities. The vulnerabilities that affect server deployments of Java may be exploited by causing a Java server application to process untrusted data.

Solution

Apply an update

These issues are addressed in Java 7 Update 13 and Java 6 Update 39. Please see the Oracle Java SE Critical Patch Update Advisory - February 2013 for more details.

Disable Java in web browsers
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details.

System administrators wishing to deploy Java 7 Update 10 or later with the "Enable Java content in the browser" feature disabled can invoke the Java installer with the WEB_JAVA=0 command-line option. More details are available in the Java documentation.

Restrict access to Java applets

Network administrators unable to disable Java in web browsers may be able to help mitigate this and other Java vulnerabilities by restricting access to Java applets. This may be accomplished by using proxy server rules, for example. Blocking or whitelisting web requests to .jar and .class files can help to prevent Java from being used by untrusted sources. Filtering requests that contain a Java User-Agent header may also be effective. For example, this technique can be used in environments where Java is required on the local intranet. The proxy can be configured to allow Java requests locally, but block them when the destination is a site on the internet.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Inc.Affected-05 Feb 2013
Oracle CorporationAffected-01 Feb 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.7E:H/RL:OF/RC:C
Environmental8.7CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
  • http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html
  • http://taosecurity.blogspot.com/2012/11/do-devs-care-about-java-insecurity.html?showComment=1353874245992#c4794680666510382012
  • http://codeascraft.etsy.com/2013/03/18/java-not-even-once/

Credit

These vulnerabilities were reported by Oracle.

This document was written by Will Dormann.

Other Information

  • CVE IDs:CVE-2012-1541CVE-2012-1543CVE-2012-3213CVE-2012-3342CVE-2012-4301CVE-2012-4305CVE-2013-0351CVE-2013-0409CVE-2013-0419CVE-2013-0423CVE-2013-0424CVE-2013-0425CVE-2013-0426CVE-2013-0427CVE-2013-0428CVE-2013-0429CVE-2013-0430CVE-2013-0431CVE-2013-0432CVE-2013-0433CVE-2013-0434CVE-2013-0435CVE-2013-0436CVE-2013-0437CVE-2013-0438CVE-2013-0439CVE-2013-0440CVE-2013-0441CVE-2013-0442CVE-2013-0443CVE-2013-0444CVE-2013-0445CVE-2013-0446CVE-2013-0447CVE-2013-0448CVE-2013-0449CVE-2013-0450CVE-2013-1472CVE-2013-1473CVE-2013-1474CVE-2013-1475CVE-2013-1476CVE-2013-1477CVE-2013-1478CVE-2013-1479CVE-2013-1480CVE-2013-1481CVE-2013-1482CVE-2013-1483CVE-2013-1489
  • US-CERT Alert:TA13-032A
  • Date Public:01 Feb 2013
  • Date First Published:01 Feb 2013
  • Date Last Updated:18 Mar 2013
  • Document Revision:29

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/858729

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15723
 
Oval ID: oval:org.mitre.oval:def:15723
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0436
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15733
 
Oval ID: oval:org.mitre.oval:def:15733
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1478
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15832
 
Oval ID: oval:org.mitre.oval:def:15832
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0443
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15888
 
Oval ID: oval:org.mitre.oval:def:15888
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0426
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15906
 
Oval ID: oval:org.mitre.oval:def:15906
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1489
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16013
 
Oval ID: oval:org.mitre.oval:def:16013
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0427
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16035
 
Oval ID: oval:org.mitre.oval:def:16035
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0442
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16045
 
Oval ID: oval:org.mitre.oval:def:16045
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1480
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16058
 
Oval ID: oval:org.mitre.oval:def:16058
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0425
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16074
 
Oval ID: oval:org.mitre.oval:def:16074
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1473
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16180
 
Oval ID: oval:org.mitre.oval:def:16180
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an "invalid type case" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2012-4301
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16222
 
Oval ID: oval:org.mitre.oval:def:16222
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1482
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16240
 
Oval ID: oval:org.mitre.oval:def:16240
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0447
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16247
 
Oval ID: oval:org.mitre.oval:def:16247
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0419
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16264
 
Oval ID: oval:org.mitre.oval:def:16264
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0448
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16276
 
Oval ID: oval:org.mitre.oval:def:16276
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1483
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16287
 
Oval ID: oval:org.mitre.oval:def:16287
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3342
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16353
 
Oval ID: oval:org.mitre.oval:def:16353
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0446
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16378
 
Oval ID: oval:org.mitre.oval:def:16378
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1474
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16384
 
Oval ID: oval:org.mitre.oval:def:16384
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1541
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16392
 
Oval ID: oval:org.mitre.oval:def:16392
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue allows remote attackers to execute arbitrary code via vectors related to an "invalid type cast" and exposed native methods in the T2KGlyph class.
Family: windows Class: vulnerability
Reference(s): CVE-2012-4305
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16430
 
Oval ID: oval:org.mitre.oval:def:16430
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1481
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16476
 
Oval ID: oval:org.mitre.oval:def:16476
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0423
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16489
 
Oval ID: oval:org.mitre.oval:def:16489
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAX-WS) 7 through Update 11 and 6 through Update 38, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0435
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16492
 
Oval ID: oval:org.mitre.oval:def:16492
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0437
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16496
 
Oval ID: oval:org.mitre.oval:def:16496
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0428
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16512
 
Oval ID: oval:org.mitre.oval:def:16512
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Scripting) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Family: windows Class: vulnerability
Reference(s): CVE-2012-3213
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16519
 
Oval ID: oval:org.mitre.oval:def:16519
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0424
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16528
 
Oval ID: oval:org.mitre.oval:def:16528
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0434
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16530
 
Oval ID: oval:org.mitre.oval:def:16530
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0409
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16531
 
Oval ID: oval:org.mitre.oval:def:16531
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JavaFX) 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1479
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16537
 
Oval ID: oval:org.mitre.oval:def:16537
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0433
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16550
 
Oval ID: oval:org.mitre.oval:def:16550
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0450
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16558
 
Oval ID: oval:org.mitre.oval:def:16558
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0440
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16566
 
Oval ID: oval:org.mitre.oval:def:16566
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0441
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16567
 
Oval ID: oval:org.mitre.oval:def:16567
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0432
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16579
 
Oval ID: oval:org.mitre.oval:def:16579
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0431
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16582
 
Oval ID: oval:org.mitre.oval:def:16582
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0438
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16600
 
Oval ID: oval:org.mitre.oval:def:16600
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Install) 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0430
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16610
 
Oval ID: oval:org.mitre.oval:def:16610
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0449
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16613
 
Oval ID: oval:org.mitre.oval:def:16613
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1475
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16614
 
Oval ID: oval:org.mitre.oval:def:16614
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Beans) 7 through Update 11, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0444
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16620
 
Oval ID: oval:org.mitre.oval:def:16620
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1472
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16649
 
Oval ID: oval:org.mitre.oval:def:16649
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0429
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16652
 
Oval ID: oval:org.mitre.oval:def:16652
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1476
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16657
 
Oval ID: oval:org.mitre.oval:def:16657
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1477
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16673
 
Oval ID: oval:org.mitre.oval:def:16673
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1543
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16680
 
Oval ID: oval:org.mitre.oval:def:16680
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0445
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16703
 
Oval ID: oval:org.mitre.oval:def:16703
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0351
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16705
 
Oval ID: oval:org.mitre.oval:def:16705
Title: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0439
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Product(s): JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18209
 
Oval ID: oval:org.mitre.oval:def:18209
Title: USN-1724-1 -- openjdk-6, openjdk-7 vulnerabilities
Description: Several security issues were fixed in OpenJDK.
Family: unix Class: patch
Reference(s): USN-1724-1
CVE-2012-1541
CVE-2012-3342
CVE-2013-0351
CVE-2013-0419
CVE-2013-0423
CVE-2013-0446
CVE-2012-3213
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2013-0429
CVE-2013-0430
CVE-2013-0441
CVE-2013-0442
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
CVE-2013-0409
CVE-2013-0434
CVE-2013-0438
CVE-2013-0424
CVE-2013-0427
CVE-2013-0433
CVE-2013-1473
CVE-2013-0432
CVE-2013-0435
CVE-2013-0443
CVE-2013-0440
CVE-2013-0444
CVE-2013-0448
CVE-2013-0449
CVE-2013-1481
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): openjdk-7
openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18597
 
Oval ID: oval:org.mitre.oval:def:18597
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0442
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18641
 
Oval ID: oval:org.mitre.oval:def:18641
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0427
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18845
 
Oval ID: oval:org.mitre.oval:def:18845
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1480
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18869
 
Oval ID: oval:org.mitre.oval:def:18869
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0423
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19010
 
Oval ID: oval:org.mitre.oval:def:19010
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0443
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19048
 
Oval ID: oval:org.mitre.oval:def:19048
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0446
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19070
 
Oval ID: oval:org.mitre.oval:def:19070
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1541
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19078
 
Oval ID: oval:org.mitre.oval:def:19078
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0435
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19097
 
Oval ID: oval:org.mitre.oval:def:19097
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0419
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19102
 
Oval ID: oval:org.mitre.oval:def:19102
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0446
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19114
 
Oval ID: oval:org.mitre.oval:def:19114
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0409
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19119
 
Oval ID: oval:org.mitre.oval:def:19119
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3213
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19121
 
Oval ID: oval:org.mitre.oval:def:19121
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1473
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19123
 
Oval ID: oval:org.mitre.oval:def:19123
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0449
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19126
 
Oval ID: oval:org.mitre.oval:def:19126
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0442
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19131
 
Oval ID: oval:org.mitre.oval:def:19131
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0424
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19170
 
Oval ID: oval:org.mitre.oval:def:19170
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1481
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19171
 
Oval ID: oval:org.mitre.oval:def:19171
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1489
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19181
 
Oval ID: oval:org.mitre.oval:def:19181
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0432
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19198
 
Oval ID: oval:org.mitre.oval:def:19198
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3342
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19199
 
Oval ID: oval:org.mitre.oval:def:19199
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0351
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19229
 
Oval ID: oval:org.mitre.oval:def:19229
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0440
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19238
 
Oval ID: oval:org.mitre.oval:def:19238
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1475
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19240
 
Oval ID: oval:org.mitre.oval:def:19240
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0409
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19245
 
Oval ID: oval:org.mitre.oval:def:19245
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0427
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19261
 
Oval ID: oval:org.mitre.oval:def:19261
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0426
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19266
 
Oval ID: oval:org.mitre.oval:def:19266
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0441
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19268
 
Oval ID: oval:org.mitre.oval:def:19268
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1481
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19271
 
Oval ID: oval:org.mitre.oval:def:19271
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1473
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19272
 
Oval ID: oval:org.mitre.oval:def:19272
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0434
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19274
 
Oval ID: oval:org.mitre.oval:def:19274
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3342
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19282
 
Oval ID: oval:org.mitre.oval:def:19282
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0445
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19285
 
Oval ID: oval:org.mitre.oval:def:19285
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0440
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19286
 
Oval ID: oval:org.mitre.oval:def:19286
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0450
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19288
 
Oval ID: oval:org.mitre.oval:def:19288
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0438
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19289
 
Oval ID: oval:org.mitre.oval:def:19289
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0441
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19300
 
Oval ID: oval:org.mitre.oval:def:19300
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0429
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19304
 
Oval ID: oval:org.mitre.oval:def:19304
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0445
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19325
 
Oval ID: oval:org.mitre.oval:def:19325
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1475
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19342
 
Oval ID: oval:org.mitre.oval:def:19342
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0429
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19349
 
Oval ID: oval:org.mitre.oval:def:19349
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0444
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19351
 
Oval ID: oval:org.mitre.oval:def:19351
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1480
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19363
 
Oval ID: oval:org.mitre.oval:def:19363
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0450
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19372
 
Oval ID: oval:org.mitre.oval:def:19372
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0445
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19382
 
Oval ID: oval:org.mitre.oval:def:19382
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0443
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19383
 
Oval ID: oval:org.mitre.oval:def:19383
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0409
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19397
 
Oval ID: oval:org.mitre.oval:def:19397
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0440
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19403
 
Oval ID: oval:org.mitre.oval:def:19403
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0437
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19405
 
Oval ID: oval:org.mitre.oval:def:19405
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0433
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19418
 
Oval ID: oval:org.mitre.oval:def:19418
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0431
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19423
 
Oval ID: oval:org.mitre.oval:def:19423
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0424
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19425
 
Oval ID: oval:org.mitre.oval:def:19425
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0423
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19426
 
Oval ID: oval:org.mitre.oval:def:19426
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0432
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19429
 
Oval ID: oval:org.mitre.oval:def:19429
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1478
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19430
 
Oval ID: oval:org.mitre.oval:def:19430
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0434
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19434
 
Oval ID: oval:org.mitre.oval:def:19434
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0442
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19437
 
Oval ID: oval:org.mitre.oval:def:19437
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0443
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19439
 
Oval ID: oval:org.mitre.oval:def:19439
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0351
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19454
 
Oval ID: oval:org.mitre.oval:def:19454
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1478
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19457
 
Oval ID: oval:org.mitre.oval:def:19457
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0429
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19459
 
Oval ID: oval:org.mitre.oval:def:19459
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0433
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19464
 
Oval ID: oval:org.mitre.oval:def:19464
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
Family: unix Class: vulnerability
Reference(s): CVE-2012-3213
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19466
 
Oval ID: oval:org.mitre.oval:def:19466
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Family: unix Class: vulnerability
Reference(s): CVE-2013-1476
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19468
 
Oval ID: oval:org.mitre.oval:def:19468
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0433
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19471
 
Oval ID: oval:org.mitre.oval:def:19471
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0426
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19474
 
Oval ID: oval:org.mitre.oval:def:19474
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0428
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19475
 
Oval ID: oval:org.mitre.oval:def:19475
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Family: unix Class: vulnerability
Reference(s): CVE-2013-1476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19480
 
Oval ID: oval:org.mitre.oval:def:19480
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0428
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19483
 
Oval ID: oval:org.mitre.oval:def:19483
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0425
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19484
 
Oval ID: oval:org.mitre.oval:def:19484
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0426
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19485
 
Oval ID: oval:org.mitre.oval:def:19485
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0438
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19488
 
Oval ID: oval:org.mitre.oval:def:19488
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0427
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19489
 
Oval ID: oval:org.mitre.oval:def:19489
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0432
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19491
 
Oval ID: oval:org.mitre.oval:def:19491
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0428
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19499
 
Oval ID: oval:org.mitre.oval:def:19499
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1541
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19501
 
Oval ID: oval:org.mitre.oval:def:19501
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0419
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19502
 
Oval ID: oval:org.mitre.oval:def:19502
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0425
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19503
 
Oval ID: oval:org.mitre.oval:def:19503
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0425
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19504
 
Oval ID: oval:org.mitre.oval:def:19504
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1480
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19505
 
Oval ID: oval:org.mitre.oval:def:19505
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0434
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19507
 
Oval ID: oval:org.mitre.oval:def:19507
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
Family: unix Class: vulnerability
Reference(s): CVE-2013-1476
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19509
 
Oval ID: oval:org.mitre.oval:def:19509
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0441
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19520
 
Oval ID: oval:org.mitre.oval:def:19520
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
Family: unix Class: vulnerability
Reference(s): CVE-2013-0435
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19522
 
Oval ID: oval:org.mitre.oval:def:19522
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0424
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19529
 
Oval ID: oval:org.mitre.oval:def:19529
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1478
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19572
 
Oval ID: oval:org.mitre.oval:def:19572
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0450
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19593
 
Oval ID: oval:org.mitre.oval:def:19593
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1475
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20157
 
Oval ID: oval:org.mitre.oval:def:20157
Title: RHSA-2013:0246: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): RHSA-2013:0246-00
CESA-2013:0246
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 283
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20598
 
Oval ID: oval:org.mitre.oval:def:20598
Title: RHSA-2013:0236: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: patch
Reference(s): RHSA-2013:0236-01
CVE-2012-1541
CVE-2012-3213
CVE-2012-3342
CVE-2013-0351
CVE-2013-0409
CVE-2013-0419
CVE-2013-0423
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0430
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0438
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0446
CVE-2013-0450
CVE-2013-1473
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
CVE-2013-1481
Version: 423
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20835
 
Oval ID: oval:org.mitre.oval:def:20835
Title: RHSA-2013:0245: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): RHSA-2013:0245-02
CESA-2013:0245
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 283
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20947
 
Oval ID: oval:org.mitre.oval:def:20947
Title: RHSA-2013:0237: java-1.7.0-oracle security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Family: unix Class: patch
Reference(s): RHSA-2013:0237-01
CVE-2012-1541
CVE-2012-3213
CVE-2012-3342
CVE-2013-0351
CVE-2013-0409
CVE-2013-0419
CVE-2013-0423
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0430
CVE-2013-0431
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0437
CVE-2013-0438
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0444
CVE-2013-0445
CVE-2013-0446
CVE-2013-0448
CVE-2013-0449
CVE-2013-0450
CVE-2013-1473
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1479
CVE-2013-1480
CVE-2013-1489
Version: 507
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20981
 
Oval ID: oval:org.mitre.oval:def:20981
Title: RHSA-2013:0247: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): RHSA-2013:0247-01
CESA-2013:0247
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0431
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0444
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 311
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21002
 
Oval ID: oval:org.mitre.oval:def:21002
Title: RHSA-2012:1467: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: patch
Reference(s): RHSA-2012:1467-01
CVE-2011-3544
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-1718
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4820
CVE-2012-4821
CVE-2012-4822
CVE-2012-4823
CVE-2012-5067
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
CVE-2013-1475
Version: 406
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21011
 
Oval ID: oval:org.mitre.oval:def:21011
Title: RHSA-2012:1466: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: patch
Reference(s): RHSA-2012:1466-01
CVE-2012-0547
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-1682
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4820
CVE-2012-4822
CVE-2012-4823
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5089
CVE-2013-1475
Version: 304
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21614
 
Oval ID: oval:org.mitre.oval:def:21614
Title: RHSA-2012:1465: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: patch
Reference(s): RHSA-2012:1465-01
CVE-2012-1531
CVE-2012-3143
CVE-2012-3216
CVE-2012-4820
CVE-2012-4822
CVE-2012-5069
CVE-2012-5071
CVE-2012-5073
CVE-2012-5075
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5089
CVE-2013-1475
Version: 200
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22881
 
Oval ID: oval:org.mitre.oval:def:22881
Title: ELSA-2013:0246: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2013:0246-00
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 85
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23216
 
Oval ID: oval:org.mitre.oval:def:23216
Title: ELSA-2013:0236: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Family: unix Class: patch
Reference(s): ELSA-2013:0236-01
CVE-2012-1541
CVE-2012-3213
CVE-2012-3342
CVE-2013-0351
CVE-2013-0409
CVE-2013-0419
CVE-2013-0423
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0430
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0438
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0446
CVE-2013-0450
CVE-2013-1473
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
CVE-2013-1481
Version: 125
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23243
 
Oval ID: oval:org.mitre.oval:def:23243
Title: DEPRECATED: ELSA-2013:0247: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2013:0247-01
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0431
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0444
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 94
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23342
 
Oval ID: oval:org.mitre.oval:def:23342
Title: ELSA-2012:1466: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: patch
Reference(s): ELSA-2012:1466-01
CVE-2012-0547
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-1682
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4820
CVE-2012-4822
CVE-2012-4823
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5089
CVE-2013-1475
Version: 97
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23437
 
Oval ID: oval:org.mitre.oval:def:23437
Title: ELSA-2012:1465: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: patch
Reference(s): ELSA-2012:1465-01
CVE-2012-1531
CVE-2012-3143
CVE-2012-3216
CVE-2012-4820
CVE-2012-4822
CVE-2012-5069
CVE-2012-5071
CVE-2012-5073
CVE-2012-5075
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5089
CVE-2013-1475
Version: 65
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23784
 
Oval ID: oval:org.mitre.oval:def:23784
Title: ELSA-2013:0237: java-1.7.0-oracle security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Family: unix Class: patch
Reference(s): ELSA-2013:0237-01
CVE-2012-1541
CVE-2012-3213
CVE-2012-3342
CVE-2013-0351
CVE-2013-0409
CVE-2013-0419
CVE-2013-0423
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0430
CVE-2013-0431
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0437
CVE-2013-0438
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0444
CVE-2013-0445
CVE-2013-0446
CVE-2013-0448
CVE-2013-0449
CVE-2013-0450
CVE-2013-1473
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1479
CVE-2013-1480
CVE-2013-1489
Version: 149
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23893
 
Oval ID: oval:org.mitre.oval:def:23893
Title: ELSA-2012:1467: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Family: unix Class: patch
Reference(s): ELSA-2012:1467-01
CVE-2011-3544
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-1718
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4820
CVE-2012-4821
CVE-2012-4822
CVE-2012-4823
CVE-2012-5067
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
CVE-2013-1475
Version: 129
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23933
 
Oval ID: oval:org.mitre.oval:def:23933
Title: ELSA-2013:0245: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2013:0245-02
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 85
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24063
 
Oval ID: oval:org.mitre.oval:def:24063
Title: ELSA-2013:0247: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
Family: unix Class: patch
Reference(s): ELSA-2013:0247-01
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0431
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0444
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 93
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25292
 
Oval ID: oval:org.mitre.oval:def:25292
Title: SUSE-SU-2013:0456-4 -- Security update for Java
Description: IBM Java 6 has been updated to SR13 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0456-4
CVE-2013-1487
CVE-2013-1486
CVE-2013-1478
CVE-2013-0445
CVE-2013-1480
CVE-2013-0441
CVE-2013-1476
CVE-2012-1541
CVE-2013-0446
CVE-2012-3342
CVE-2013-0442
CVE-2013-0450
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2012-3213
CVE-2013-1481
CVE-2013-0419
CVE-2013-0423
CVE-2013-0351
CVE-2013-0432
CVE-2013-1473
CVE-2013-0435
CVE-2013-0434
CVE-2013-0409
CVE-2013-0427
CVE-2013-0433
CVE-2013-0424
CVE-2013-0440
CVE-2013-0438
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25622
 
Oval ID: oval:org.mitre.oval:def:25622
Title: SUSE-SU-2013:0440-6 -- Security update for Java
Description: IBM Java 5 has been updated to SR16 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0440-6
CVE-2013-1486
CVE-2013-1478
CVE-2013-0445
CVE-2013-1480
CVE-2013-1476
CVE-2013-0442
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2013-1481
CVE-2013-0432
CVE-2013-0434
CVE-2013-0409
CVE-2013-0427
CVE-2013-0433
CVE-2013-0424
CVE-2013-0440
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25940
 
Oval ID: oval:org.mitre.oval:def:25940
Title: SUSE-SU-2013:0440-2 -- Security update for Java
Description: IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0440-2
CVE-2013-1478
CVE-2013-1480
CVE-2013-1476
CVE-2013-0442
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2013-1481
CVE-2013-0432
CVE-2013-0434
CVE-2013-0424
CVE-2013-0440
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26028
 
Oval ID: oval:org.mitre.oval:def:26028
Title: SUSE-SU-2013:0456-2 -- Security update for Java
Description: IBM Java 6 has been updated to SR13 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0456-2
CVE-2013-1487
CVE-2013-1486
CVE-2013-1478
CVE-2013-0445
CVE-2013-1480
CVE-2013-0441
CVE-2013-1476
CVE-2012-1541
CVE-2013-0446
CVE-2012-3342
CVE-2013-0442
CVE-2013-0450
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2012-3213
CVE-2013-1481
CVE-2013-0419
CVE-2013-0423
CVE-2013-0351
CVE-2013-0432
CVE-2013-1473
CVE-2013-0435
CVE-2013-0434
CVE-2013-0409
CVE-2013-0427
CVE-2013-0433
CVE-2013-0424
CVE-2013-0440
CVE-2013-0438
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26075
 
Oval ID: oval:org.mitre.oval:def:26075
Title: SUSE-SU-2013:0440-4 -- Security update for Java
Description: IBM Java 5 has been updated to SR16 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0440-4
CVE-2013-1486
CVE-2013-1478
CVE-2013-0445
CVE-2013-1480
CVE-2013-1476
CVE-2013-0442
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2013-1481
CVE-2013-0432
CVE-2013-0434
CVE-2013-0409
CVE-2013-0427
CVE-2013-0433
CVE-2013-0424
CVE-2013-0440
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26128
 
Oval ID: oval:org.mitre.oval:def:26128
Title: SUSE-SU-2013:0315-1 -- Security update for Java 1.6.0
Description: java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0315-1
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0429
CVE-2013-0432
CVE-2013-0443
CVE-2013-0440
CVE-2013-0442
CVE-2013-0428
CVE-2013-0441
CVE-2013-0435
CVE-2013-0433
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-0434
CVE-2013-1478
CVE-2013-1480
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): Java 1.6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26262
 
Oval ID: oval:org.mitre.oval:def:26262
Title: SUSE-SU-2013:0440-3 -- Security update for Java
Description: IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0440-3
CVE-2013-1478
CVE-2013-1480
CVE-2013-1476
CVE-2013-0442
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2013-1481
CVE-2013-0432
CVE-2013-0434
CVE-2013-0424
CVE-2013-0440
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26279
 
Oval ID: oval:org.mitre.oval:def:26279
Title: SUSE-SU-2013:0456-3 -- Security update for Java
Description: IBM Java 6 has been updated to SR13 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0456-3
CVE-2013-1487
CVE-2013-1486
CVE-2013-1478
CVE-2013-0445
CVE-2013-1480
CVE-2013-0441
CVE-2013-1476
CVE-2012-1541
CVE-2013-0446
CVE-2012-3342
CVE-2013-0442
CVE-2013-0450
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2012-3213
CVE-2013-1481
CVE-2013-0419
CVE-2013-0423
CVE-2013-0351
CVE-2013-0432
CVE-2013-1473
CVE-2013-0435
CVE-2013-0434
CVE-2013-0409
CVE-2013-0427
CVE-2013-0433
CVE-2013-0424
CVE-2013-0440
CVE-2013-0438
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26283
 
Oval ID: oval:org.mitre.oval:def:26283
Title: SUSE-SU-2013:0456-1 -- Security update for Java
Description: IBM Java 6 has been updated to SR13 which fixes various critical security issues and bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0456-1
CVE-2013-1487
CVE-2013-1486
CVE-2013-1478
CVE-2013-0445
CVE-2013-1480
CVE-2013-0441
CVE-2013-1476
CVE-2012-1541
CVE-2013-0446
CVE-2012-3342
CVE-2013-0442
CVE-2013-0450
CVE-2013-0425
CVE-2013-0426
CVE-2013-0428
CVE-2012-3213
CVE-2013-1481
CVE-2013-0419
CVE-2013-0423
CVE-2013-0351
CVE-2013-0432
CVE-2013-1473
CVE-2013-0435
CVE-2013-0434
CVE-2013-0409
CVE-2013-0427
CVE-2013-0433
CVE-2013-0424
CVE-2013-0440
CVE-2013-0438
CVE-2013-0443
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27453
 
Oval ID: oval:org.mitre.oval:def:27453
Title: DEPRECATED: ELSA-2013-0247 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.9-2.3.5.3.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.5.3.el6_3] - Sync logging fixes with upstream (icedtea7-forest and jdk7u) [1.7.0.9-2.3.5.1.el6_3] - Removed 6664509 backout and added 8005615 to fix the issue [1.7.0.9-2.3.5.el6_3.1] - Backed out 6664509 and 7201064.patch which cause regressions [1.7.0.9-2.3.5.el6_3] - Bumped to 2.3.5 - Changed BR to java7-devel >= 1:1.7.0 as required by CORBA changes in 2.3.5 - Resolves: rhbz#906707
Family: unix Class: patch
Reference(s): ELSA-2013-0247
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
CVE-2013-0431
CVE-2013-0444
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27509
 
Oval ID: oval:org.mitre.oval:def:27509
Title: DEPRECATED: ELSA-2013-0246 -- java-1.6.0-openjdk security update (important)
Description: [ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.33.1.11.6] - removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch - added patch9: 7201064.patch to be reverted - added patch10: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906705 [1:1.6.0.0-1.32.1.11.6] - added patch9 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906705 [1:1.6.0.0-1.31.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906705
Family: unix Class: patch
Reference(s): ELSA-2013-0246
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27631
 
Oval ID: oval:org.mitre.oval:def:27631
Title: DEPRECATED: ELSA-2013-0245 -- java-1.6.0-openjdk security update (critical)
Description: [1:1.6.0.0-1.54.1.11.6] - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906707 [1:1.6.0.0-1.53.1.11.6] - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906707 [1:1.6.0.0-1.51.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906707
Family: unix Class: patch
Reference(s): ELSA-2013-0245
CVE-2013-0424
CVE-2013-0425
CVE-2013-0426
CVE-2013-0427
CVE-2013-0428
CVE-2013-0429
CVE-2013-0432
CVE-2013-0433
CVE-2013-0434
CVE-2013-0435
CVE-2013-0440
CVE-2013-0441
CVE-2013-0442
CVE-2013-0443
CVE-2013-0445
CVE-2013-0450
CVE-2013-1475
CVE-2013-1476
CVE-2013-1478
CVE-2013-1480
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 12
Application 33
Application 32
Application 90
Application 91

SAINT Exploits

Description Link
Java MBeanInstantiator findClass and Introspector Sandbox Escape More info here

ExploitDB Exploits

id Description
2013-02-25 Java Applet JMX Remote Code Execution

Snort® IPS/IDS

Date Description
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Java v1.6.32 and older
RuleID : 30009 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 8...
RuleID : 30008 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 7...
RuleID : 30007 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 6...
RuleID : 30006 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Google Chrome with Java befor...
RuleID : 30005 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit - exploit targeting Java before v1.7.17
RuleID : 30004 - Revision : 3 - Type : EXPLOIT-KIT
2018-06-15 Hello/LightsOut exploit kit payload download attempt
RuleID : 30003-community - Revision : 6 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit payload download attempt
RuleID : 30003 - Revision : 6 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit Java download attempt
RuleID : 30002 - Revision : 3 - Type : EXPLOIT-KIT
2014-04-03 Hello/LightsOut exploit kit landing page detected
RuleID : 30001 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-30 Stamp exploit kit PDF exploit retrieval attempt
RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30 Stamp exploit kit malicious payload download attempt
RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30 Stamp exploit kit jar exploit download - specific structure
RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-30 Stamp exploit kit plugin detection page
RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-11 Neutrino exploit kit initial outbound request - generic detection
RuleID : 28911 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request by Java - generic detection
RuleID : 28476 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request - generic detection
RuleID : 28475 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound plugin detection response - generic detection
RuleID : 28474 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28460 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28459 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit landing page
RuleID : 28458 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28457 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28456 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28455 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Nuclear/Magnitude exploit kit Oracle Java exploit download attempt
RuleID : 28414 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Magnitude exploit kit embedded redirection attempt
RuleID : 28413 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Magnitude exploit kit embedded redirection attempt
RuleID : 28412 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28304 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28298 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28275 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28274 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28273 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Magnitude/Nuclear exploit kit landing page
RuleID : 28236 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28214 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Nuclear/Magnitude exploit kit post Java compromise download attempt
RuleID : 28111 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Nuclear/Magnitude exploit kit Oracle Java exploit download attempt
RuleID : 28109 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt
RuleID : 28108 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 28032 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit Oracle Java exploit download attempt
RuleID : 28031 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Magnitude/Popads/Nuclear exploit kit jnlp request
RuleID : 28029 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit outbound request format
RuleID : 27785 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit Oracle Java exploit download attempt
RuleID : 27784 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java Security Slider feature bypass attempt
RuleID : 27766 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10 Blackholev2 exploit kit JNLP request
RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Impact/Stamp exploit kit landing page
RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Impact/Stamp exploit kit landing page
RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java runtime JMX findclass sandbox breach attempt
RuleID : 26588 - Revision : 9 - Type : FILE-JAVA
2014-01-10 Oracle Java runtime JMX findclass sandbox breach attempt
RuleID : 26587 - Revision : 9 - Type : FILE-JAVA
2014-01-10 Multiple exploit kit successful redirection - jnlp bypass
RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Stamp exploit kit landing page
RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit landing page - specific structure
RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT
2018-06-15 Stamp exploit kit portable executable download
RuleID : 26534-community - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Stamp exploit kit portable executable download
RuleID : 26534 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java payload detection
RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit redirection structure
RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf payload detection
RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit java payload detection
RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page - specific structure
RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit jar file redirection
RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar download
RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit MyApplet class retrieval
RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit redirection page
RuleID : 26100 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit redirection page
RuleID : 26099 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit Java archive transfer
RuleID : 26098 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit Java archive transfer
RuleID : 26097 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit landing page
RuleID : 26096 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Neutrino exploit kit landing page
RuleID : 26095 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection structure
RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit iframe redirection attempt
RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page
RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit former location - has been removed
RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Java exploit download
RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25832 - Revision : 7 - Type : FILE-JAVA
2014-01-10 Stamp exploit kit encoded portable executable request
RuleID : 25802 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Stamp exploit kit jar file request
RuleID : 25801 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10 Stamp exploit kit Javascript request
RuleID : 25800 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Stamp exploit kit pdf request
RuleID : 25799 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10 Blackhole exploit kit landing page - specific structure
RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java JMX class arbitrary code execution attempt
RuleID : 25472 - Revision : 12 - Type : FILE-JAVA
2014-01-10 Blackholev2 exploit kit landing page in an email
RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific-structure
RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page in an email
RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific-structure
RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page in an email
RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific-structure
RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT

Nessus® Vulnerability Scanner

Date Description
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-165.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-131.nasl - Type : ACT_GATHER_INFO
2014-01-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-08 Name : The remote server is affected by multiple vulnerabilities.
File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2014-01-08 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2013-11-04 Name : The remote server is affected by multiple vulnerabilities.
File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-156.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-155.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0245.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0246.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0247.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-8483.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-130312.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-8495.nasl - Type : ACT_GATHER_INFO
2013-03-14 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-8481.nasl - Type : ACT_GATHER_INFO
2013-03-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-130306.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0624.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0625.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_feb_2013_unix.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-130212.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_2013-001.nasl - Type : ACT_GATHER_INFO
2013-02-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1724-1.nasl - Type : ACT_GATHER_INFO
2013-02-13 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130205_jdk_1_6_0_on_SL_5_0.nasl - Type : ACT_GATHER_INFO
2013-02-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-010.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2209.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2188.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2205.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2197.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130208_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130208_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130208_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO
2013-02-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO
2013-02-06 Name : The remote Fedora host is missing a security update.
File : fedora_2013-1898.nasl - Type : ACT_GATHER_INFO
2013-02-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0236.nasl - Type : ACT_GATHER_INFO
2013-02-05 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update12.nasl - Type : ACT_GATHER_INFO
2013-02-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0237.nasl - Type : ACT_GATHER_INFO
2013-02-04 Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_feb_2013.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1485.nasl - Type : ACT_GATHER_INFO
2013-01-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_d5e0317e5e4511e2a113c48508086173.nasl - Type : ACT_GATHER_INFO
2012-11-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1467.nasl - Type : ACT_GATHER_INFO
2012-11-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1466.nasl - Type : ACT_GATHER_INFO
2012-11-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1465.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2014-08-23 13:27:51
  • Multiple Updates
2014-02-17 12:08:13
  • Multiple Updates
2013-03-19 05:19:04
  • Multiple Updates
2013-03-19 05:17:14
  • Multiple Updates
2013-02-06 00:21:28
  • Multiple Updates
2013-02-05 21:19:28
  • Multiple Updates
2013-02-02 00:18:23
  • First insertion