10 - CVE-2014-0428

Executive Summary

Informations
Name	CVE-2014-0428	First vendor Publication	2014-01-15
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21640

Oval ID:	oval:org.mitre.oval:def:21640
Title:	RHSA-2014:0026: java-1.7.0-openjdk security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0026-00 CESA-2014:0026 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	187
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.51-2.4.4.1.el6_5

Definition Id: oval:org.mitre.oval:def:22049

Oval ID:	oval:org.mitre.oval:def:22049
Title:	RHSA-2014:0027: java-1.7.0-openjdk security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0027-00 CESA-2014:0027 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	187
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.7.0-openjdk is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.51-2.4.4.1.el5_10

Definition Id: oval:org.mitre.oval:def:22092

Oval ID:	oval:org.mitre.oval:def:22092
Title:	RHSA-2014:0136: java-1.5.0-ibm security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0136-00 CVE-2013-5907 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	87
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.5.0-ibm is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-accessibility is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.5-1jpp.1.el5_10 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.5.0-ibm is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.5-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:22189

Oval ID:	oval:org.mitre.oval:def:22189
Title:	RHSA-2014:0097: java-1.6.0-openjdk security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0097-00 CESA-2014:0097 CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	122
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Operation system section Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND Operation system section Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section java-1.6.0-openjdk is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-3.1.13.1.el6_5

Definition Id: oval:org.mitre.oval:def:22233

Oval ID:	oval:org.mitre.oval:def:22233
Title:	Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2014-0428	Version:	6
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update_56 Determine if the version of Java Runtime Environment is less than 1.5.0:update_56 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_66 Determine if the version of Java Runtime Environment is less than 1.6.0:update_66 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_46 Determine if the version of Java Runtime Environment is less than 1.7.0:update_46 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:22292

Oval ID:	oval:org.mitre.oval:def:22292
Title:	RHSA-2014:0134: java-1.7.0-ibm security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0134-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428	Version:	207
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.7.0-ibm
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.7.0-ibm is earlier than 1:1.7.0.6.1-1jpp.1.el5_10 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.6.1-1jpp.1.el5_10 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.6.1-1jpp.1.el5_10 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.6.1-1jpp.1.el5_10 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.6.1-1jpp.1.el5_10 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.6.1-1jpp.1.el5_10 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.7.0-ibm is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-devel is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.6.1-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:22415

Oval ID:	oval:org.mitre.oval:def:22415
Title:	RHSA-2014:0030: java-1.7.0-oracle security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0030-00 CVE-2013-5870 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5893 CVE-2013-5895 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5902 CVE-2013-5904 CVE-2013-5905 CVE-2013-5906 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0382 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0418 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428	Version:	311
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	java-1.7.0-oracle
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section java-1.7.0-oracle-src is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.51-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:22560

Oval ID:	oval:org.mitre.oval:def:22560
Title:	RHSA-2014:0135: java-1.6.0-ibm security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0135-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428	Version:	207
Platform(s):	Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5	Product(s):	java-1.6.0-ibm
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section java-1.6.0-ibm is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-accessibility is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.15.1-1jpp.1.el5_10 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages match section java-1.6.0-ibm is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-plugin is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.15.1-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:23480

Oval ID:	oval:org.mitre.oval:def:23480
Title:	ELSA-2014:0027: java-1.7.0-openjdk security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0027-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	61
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x rpm test java-1.7.0-openjdk is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.51-2.4.4.1.el5_10 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.51-2.4.4.1.el5_10

Definition Id: oval:org.mitre.oval:def:23641

Oval ID:	oval:org.mitre.oval:def:23641
Title:	DEPRECATED: ELSA-2014:0097: java-1.6.0-openjdk security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0097-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	58
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-openjdk is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-3.1.13.1.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-openjdk is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-3.1.13.1.el6_5

Definition Id: oval:org.mitre.oval:def:23883

Oval ID:	oval:org.mitre.oval:def:23883
Title:	ELSA-2014:0026: java-1.7.0-openjdk security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0026-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	61
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.7.0-openjdk is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-demo is earlier than 1:1.7.0.51-2.4.4.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 1:1.7.0.51-2.4.4.1.el6_5

Definition Id: oval:org.mitre.oval:def:24037

Oval ID:	oval:org.mitre.oval:def:24037
Title:	ELSA-2014:0135: java-1.6.0-ibm security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0135-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428	Version:	105
Platform(s):	Oracle Linux 6	Product(s):	java-1.6.0-ibm
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.6.0-ibm-plugin is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-demo is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-jdbc is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-devel is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-javacomm is earlier than 1:1.6.0.15.1-1jpp.1.el6_5 AND java-1.6.0-ibm-src is earlier than 1:1.6.0.15.1-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24132

Oval ID:	oval:org.mitre.oval:def:24132
Title:	ELSA-2014:0134: java-1.7.0-ibm security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0134-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428	Version:	105
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-ibm
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.7.0-ibm-devel is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-src is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-demo is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-jdbc is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm-plugin is earlier than 1:1.7.0.6.1-1jpp.1.el6_5 AND java-1.7.0-ibm is earlier than 1:1.7.0.6.1-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24172

Oval ID:	oval:org.mitre.oval:def:24172
Title:	ELSA-2014:0030: java-1.7.0-oracle security update (Critical)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0030-00 CVE-2013-5870 CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5893 CVE-2013-5895 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5902 CVE-2013-5904 CVE-2013-5905 CVE-2013-5906 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0382 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0418 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428	Version:	141
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-oracle
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.7.0-oracle-src is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-plugin is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-javafx is earlier than 1:1.7.0.51-1jpp.1.el6_5 AND java-1.7.0-oracle-devel is earlier than 1:1.7.0.51-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:24180

Oval ID:	oval:org.mitre.oval:def:24180
Title:	ELSA-2014:0097: java-1.6.0-openjdk security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0097-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	57
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test java-1.6.0-openjdk is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-3.1.13.1.el5_10 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-3.1.13.1.el5_10 OR rpm test Oracle Linux 6.x AND rpm test java-1.6.0-openjdk is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-3.1.13.1.el6_5

Definition Id: oval:org.mitre.oval:def:24188

Oval ID:	oval:org.mitre.oval:def:24188
Title:	ELSA-2014:0136: java-1.5.0-ibm security update (Important)
Description:	Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Family:	unix	Class:	patch
Reference(s):	ELSA-2014:0136-00 CVE-2013-5907 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	45
Platform(s):	Oracle Linux 6	Product(s):	java-1.5.0-ibm
Definition Synopsis:
Oracle Linux 6.x rpm test java-1.5.0-ibm-plugin is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-demo is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-devel is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-javacomm is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-jdbc is earlier than 1:1.5.0.16.5-1jpp.1.el6_5 AND java-1.5.0-ibm-src is earlier than 1:1.5.0.16.5-1jpp.1.el6_5

Definition Id: oval:org.mitre.oval:def:25455

Oval ID:	oval:org.mitre.oval:def:25455
Title:	SUSE-SU-2014:0215-1 -- Security update for openjdk
Description:	This openjdk update fixes several security issues. For a complete list of fixed vulnerabilities and their description please refer to: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-J anuary/025800.html <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014- January/025800.html>
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0215-1 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	3
Platform(s):	SUSE Linux Enterprise Desktop 11	Product(s):	openjdk
Definition Synopsis:
SUSE Linux Enterprise Desktop 11.x is installed Packages match section java-1_7_0-openjdk RPM is earlier than 0:1.7.0.6-0.23.1 AND java-1_7_0-openjdk-demo RPM is earlier than 0:1.7.0.6-0.23.1 AND java-1_7_0-openjdk-devel RPM is earlier than 0:1.7.0.6-0.23.1

Definition Id: oval:org.mitre.oval:def:27081

Oval ID:	oval:org.mitre.oval:def:27081
Title:	DEPRECATED: ELSA-2014-0027 -- java-1.7.0-openjdk security update (important)
Description:	[1.7.0.51-2.4.4.1.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.51-2.4.4.1.el5] - updated to security icedtea 2.4.4 - icedtea_version set to 2.4.4 - updatever bumped to 51 - release reset to 1 - build requires: java-devel >= 1:1.6.0 changed java7-devel - Resolves: rhbz#1050192
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0027 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 5.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.51-2.4.4.1.0.1.el5_10 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.51-2.4.4.1.0.1.el5_10 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.51-2.4.4.1.0.1.el5_10 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.51-2.4.4.1.0.1.el5_10 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.51-2.4.4.1.0.1.el5_10

Definition Id: oval:org.mitre.oval:def:27206

Oval ID:	oval:org.mitre.oval:def:27206
Title:	DEPRECATED: ELSA-2014-0026 -- java-1.7.0-openjdk security update (critical)
Description:	[1.7.0.51-2.4.4.1.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.51-2.4.4.1.el6] - restored java7 provides - bumped release (builds exists) - Resolves: rhbz#1050935 [1.7.0.51-2.4.4.0.el6] - updated to security icedtea 2.4.4 - icedtea_version set to 2.4.4 - updatever bumped to 51 - release reset to 0 - sync with fedora - added and applied patch411 1029588.patch (rh 1029588) - added aand applied patch410, 1015432 (rh 1015432) - Resolves: rhbz#1050935
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0026 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	java-1.7.0-openjdk
Definition Synopsis:
Oracle Linux 6.x Packages match section java-1.7.0-openjdk is earlier than 0:1.7.0.51-2.4.4.1.0.1.el6_5 AND java-1.7.0-openjdk-demo is earlier than 0:1.7.0.51-2.4.4.1.0.1.el6_5 AND java-1.7.0-openjdk-devel is earlier than 0:1.7.0.51-2.4.4.1.0.1.el6_5 AND java-1.7.0-openjdk-javadoc is earlier than 0:1.7.0.51-2.4.4.1.0.1.el6_5 AND java-1.7.0-openjdk-src is earlier than 0:1.7.0.51-2.4.4.1.0.1.el6_5

Definition Id: oval:org.mitre.oval:def:27408

Oval ID:	oval:org.mitre.oval:def:27408
Title:	DEPRECATED: ELSA-2014-0097 -- java-1.6.0-openjdk security update (important)
Description:	[1:1.6.0.1-3.1.13.0] - updated to icedtea 1.13.1 - http://blog.fuseyism.com/index.php/2014/01/23/security-icedtea-1-12-8-1-13-1-for-openjdk-6-released/ - updated to jdk6, b30, 21_jan_2014 - https://openjdk6.java.net/OpenJDK6-B30-Changes.html - adapted patch7 1.13_fixes.patch - pre 2011 changelog moved to (till now wrong) pre-2009-spec-changelog (rh1043611) - added --disable-system-lcms to configure options to pass build - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#1050190
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-0097 CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428	Version:	4
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	java-1.6.0-openjdk
Definition Synopsis:
Oracle Linux 5 release section Oracle Linux 5.x Packages match section java-1.6.0-openjdk is earlier than 0:1.6.0.0-3.1.13.1.0.1.el5_10 AND java-1.6.0-openjdk-demo is earlier than 0:1.6.0.0-3.1.13.1.0.1.el5_10 AND java-1.6.0-openjdk-devel is earlier than 0:1.6.0.0-3.1.13.1.0.1.el5_10 AND java-1.6.0-openjdk-javadoc is earlier than 0:1.6.0.0-3.1.13.1.0.1.el5_10 AND java-1.6.0-openjdk-src is earlier than 0:1.6.0.0-3.1.13.1.0.1.el5_10 AND Oracle Linux 6 release section Oracle Linux 6.x Packages match section java-1.6.0-openjdk is earlier than 0:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-demo is earlier than 0:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-devel is earlier than 0:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-javadoc is earlier than 0:1.6.0.0-3.1.13.1.el6_5 AND java-1.6.0-openjdk-src is earlier than 0:1.6.0.0-3.1.13.1.el6_5

CPE : Common Platform Enumeration

Type	Description	Count
Application	Oracle Jdk cpe:2.3:a:oracle:jdk:1.6.0:update65:::::: cpe:2.3:a:oracle:jdk:1.5.0:update55::::::	2
Application	Oracle Jre cpe:2.3:a:oracle:jre:1.7.0:update45:::::: cpe:2.3:a:oracle:jre:1.6.0:update65:::::: cpe:2.3:a:oracle:jre:1.5.0:update55::::::	3

Information Assurance Vulnerability Management (IAVM)

Date	Description
2014-01-16	IAVM : 2014-A-0010 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0043398

Nessus® Vulnerability Scanner

Date	Description
2015-10-13	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17381.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO
2014-07-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO
2014-07-28	Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_jan2014_advisory.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-96.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-95.nasl - Type : ACT_GATHER_INFO
2014-06-03	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO
2014-06-01	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO
2014-05-12	Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-05-12	Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-05-12	Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-04-08	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2124-2.nasl - Type : ACT_GATHER_INFO
2014-02-28	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2124-1.nasl - Type : ACT_GATHER_INFO
2014-02-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140213.nasl - Type : ACT_GATHER_INFO
2014-02-18	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140206.nasl - Type : ACT_GATHER_INFO
2014-02-11	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140205.nasl - Type : ACT_GATHER_INFO
2014-02-05	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-283.nasl - Type : ACT_GATHER_INFO
2014-02-05	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-280.nasl - Type : ACT_GATHER_INFO
2014-02-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0136.nasl - Type : ACT_GATHER_INFO
2014-02-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0135.nasl - Type : ACT_GATHER_INFO
2014-02-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0134.nasl - Type : ACT_GATHER_INFO
2014-01-28	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0097.nasl - Type : ACT_GATHER_INFO
2014-01-28	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0097.nasl - Type : ACT_GATHER_INFO
2014-01-28	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0097.nasl - Type : ACT_GATHER_INFO
2014-01-28	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140127_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-01-27	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2089-1.nasl - Type : ACT_GATHER_INFO
2014-01-21	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-011.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0030.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0027.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0026.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140115_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0027.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0026.nasl - Type : ACT_GATHER_INFO
2014-01-16	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140115_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0027.nasl - Type : ACT_GATHER_INFO
2014-01-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0026.nasl - Type : ACT_GATHER_INFO
2014-01-15	Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_jan_2014_unix.nasl - Type : ACT_GATHER_INFO
2014-01-15	Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_jan_2014.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402697611681&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://marc.info/?l=bugtraq&m=139402749111889&w=2
http://osvdb.org/101996
http://rhn.redhat.com/errata/RHSA-2014-0026.html
http://rhn.redhat.com/errata/RHSA-2014-0027.html
http://rhn.redhat.com/errata/RHSA-2014-0030.html
http://rhn.redhat.com/errata/RHSA-2014-0097.html
http://rhn.redhat.com/errata/RHSA-2014-0134.html
http://rhn.redhat.com/errata/RHSA-2014-0135.html
http://rhn.redhat.com/errata/RHSA-2014-0136.html
http://secunia.com/advisories/56432
http://secunia.com/advisories/56485
http://secunia.com/advisories/56486
http://secunia.com/advisories/56535
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://www.securityfocus.com/bid/64935
http://www.securitytracker.com/id/1029608
http://www.ubuntu.com/usn/USN-2089-1
http://www.ubuntu.com/usn/USN-2124-1
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.redhat.com/show_bug.cgi?id=1051519
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:38:36	Multiple Updates
2022-05-13 21:27:54	Multiple Updates
2021-05-04 12:29:28	Multiple Updates
2021-04-22 01:35:47	Multiple Updates
2020-09-08 17:22:41	Multiple Updates
2020-05-23 00:39:28	Multiple Updates
2019-03-18 12:02:24	Multiple Updates
2018-01-05 09:23:20	Multiple Updates
2016-09-27 09:23:18	Multiple Updates
2016-06-28 22:31:16	Multiple Updates
2016-04-27 00:05:38	Multiple Updates
2015-10-14 13:23:57	Multiple Updates
2014-11-08 13:31:34	Multiple Updates
2014-07-31 13:25:09	Multiple Updates
2014-07-29 13:25:35	Multiple Updates
2014-06-14 13:36:55	Multiple Updates
2014-06-04 13:23:52	Multiple Updates
2014-06-02 13:24:05	Multiple Updates
2014-05-13 13:25:12	Multiple Updates
2014-04-09 13:22:22	Multiple Updates
2014-04-01 14:40:49	Multiple Updates
2014-03-18 13:23:53	Multiple Updates
2014-03-06 13:24:41	Multiple Updates
2014-03-01 13:20:59	Multiple Updates
2014-02-26 13:21:20	Multiple Updates
2014-02-19 13:21:55	Multiple Updates
2014-02-17 11:25:01	Multiple Updates
2014-02-07 13:21:35	Multiple Updates
2014-01-29 21:22:23	Multiple Updates
2014-01-24 13:19:46	Multiple Updates
2014-01-23 21:21:39	Multiple Updates
2014-01-18 00:18:42	Multiple Updates
2014-01-17 13:20:38	Multiple Updates
2014-01-16 21:21:03	Multiple Updates
2014-01-15 21:22:41	First insertion

Global Informations

Type	Count
Oval ID(s)	20
CPE ID(s)	5
Sources(s)	32
IAVM(s)	1
Nessus® Exploit(s)	40

	Related
10	USN-2124-2
10	USN-2124-1
10	USN-2089-1
10	RHSA-2014:0414
10	RHSA-2014:0136
10	RHSA-2014:0135
10	RHSA-2014:0134
10	RHSA-2014:0097
10	RHSA-2014:0030
10	RHSA-2014:0027
10	RHSA-2014:0026
10	MDVSA-2014:011
10	HPSBUX02973 SSR...
10	HPSBUX02972 SSR...
10	GLSA-201401-30
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 15 more Alert(s)

10 - CVE-2014-0428

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU