Executive Summary

Summary
Title: Oracle JRE/JDK: Multiple vulnerabilities
Information
Name: GLSA-201401-30
First vendor Publication: 2014-01-27
Vendor: Gentoo
Last vendor Modification: 2014-01-27
Severity (Vendor): High
Revision: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score: 10
CVSS Impact Score: 10
CVSS Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.

Background

The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).

Description

Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.

Impact

An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"

All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"

All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"

All Sun Microsystems JDK/JRE 1.6 users are advised to upgrade to one of the newer Oracle packages, such as dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin, or to choose another alternative we provide, e.g. the IBM JDK/JRE or the open source IcedTea.

NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.

References

[ 1 ] CVE-2011-3563 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201401-30.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201401-30.xml

CWE : Common Weakness Enumeration

%     | id      | Name
33 %  | CWE-94  | Failure to Control Generation of Code ('Code Injection')
22 %  | CWE-264 | Permissions, Privileges, and Access Controls
22 %  | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer
11 %  | CWE-310 | Cryptographic Issues
11 %  | CWE-20  | Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19584
 
Oval ID: oval:org.mitre.oval:def:19584
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2418
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16444
 
Oval ID: oval:org.mitre.oval:def:16444
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2418
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21593
 
Oval ID: oval:org.mitre.oval:def:21593
Title: RHSA-2012:1384: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2012:1384-01
CESA-2012:1384
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 198
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21586
 
Oval ID: oval:org.mitre.oval:def:21586
Title: RHSA-2012:1386: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2012:1386-02
CESA-2012:1386
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
Version: 263
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21422
 
Oval ID: oval:org.mitre.oval:def:21422
Title: RHSA-2012:1385: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2012:1385-00
CESA-2012:1385
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 198
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21199
 
Oval ID: oval:org.mitre.oval:def:21199
Title: RHSA-2012:1391: java-1.7.0-oracle security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2012:1391-01
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4416
CVE-2012-5067
CVE-2012-5068
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
Version: 354
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20645
 
Oval ID: oval:org.mitre.oval:def:20645
Title: RHSA-2012:1392: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2012:1392-01
CVE-2012-0547
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 289
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18994
 
Oval ID: oval:org.mitre.oval:def:18994
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5089
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16506
 
Oval ID: oval:org.mitre.oval:def:16506
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5089
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23907
 
Oval ID: oval:org.mitre.oval:def:23907
Title: ELSA-2012:1386: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2012:1386-02
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
Version: 85
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23866
 
Oval ID: oval:org.mitre.oval:def:23866
Title: ELSA-2012:1392: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2012:1392-01
CVE-2012-0547
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 93
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23780
 
Oval ID: oval:org.mitre.oval:def:23780
Title: ELSA-2012:1384: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2012:1384-01
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 65
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23740
 
Oval ID: oval:org.mitre.oval:def:23740
Title: ELSA-2012:1391: java-1.7.0-oracle security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2012:1391-01
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4416
CVE-2012-5067
CVE-2012-5068
CVE-2012-5069
CVE-2012-5070
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5074
CVE-2012-5075
CVE-2012-5076
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5087
CVE-2012-5088
CVE-2012-5089
Version: 113
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-oracle
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22450
 
Oval ID: oval:org.mitre.oval:def:22450
Title: ELSA-2012:1385: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2012:1385-00
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 65
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27810
 
Oval ID: oval:org.mitre.oval:def:27810
Title: DEPRECATED: ELSA-2012-1385 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.28.1.10.10.0.1.el5_8] - Add oracle-enterprise.patch [1:1.6.0.0-1.28.1.10.10] - Updated to IcedTea6 1.10.10 - Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568
Family: unix Class: patch
Reference(s): ELSA-2012-1385
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27804
 
Oval ID: oval:org.mitre.oval:def:27804
Title: DEPRECATED: ELSA-2012-1384 -- java-1.6.0-openjdk security update (critical)
Description: [1:1.6.0.0-1.50.1.11.5] - Changed permissions of sa-jdi.jar to correct 644 - Resolves: rhbz#865045 [1:1.6.0.0-1.49.1.11.5] - Updated to IcedTea6 1.11.5 - Resolves rhbz#s 856124, 865346, 865348, 865350, 865352, 865354, 865357, 865359, 865363, 865365, 865370, 865428, 865471, 865434, 865511, 865514, 865519, 865531, 865541, 865568
Family: unix Class: patch
Reference(s): ELSA-2012-1384
CVE-2012-3216
CVE-2012-4416
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5077
CVE-2012-5079
CVE-2012-5081
CVE-2012-5084
CVE-2012-5085
CVE-2012-5086
CVE-2012-5089
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20467
 
Oval ID: oval:org.mitre.oval:def:20467
Title: RHSA-2013:0770: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: unix Class: patch
Reference(s): RHSA-2013:0770-01
CESA-2013:0770
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
Version: 283
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16410
 
Oval ID: oval:org.mitre.oval:def:16410
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2431
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24051
 
Oval ID: oval:org.mitre.oval:def:24051
Title: ELSA-2013:0770: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: unix Class: patch
Reference(s): ELSA-2013:0770-01
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
Version: 85
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23493
 
Oval ID: oval:org.mitre.oval:def:23493
Title: DEPRECATED: ELSA-2013:0770: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: unix Class: patch
Reference(s): ELSA-2013:0770-01
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
Version: 86
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19605
 
Oval ID: oval:org.mitre.oval:def:19605
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2468
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19478
 
Oval ID: oval:org.mitre.oval:def:19478
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2468
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17206
 
Oval ID: oval:org.mitre.oval:def:17206
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2468
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19704
 
Oval ID: oval:org.mitre.oval:def:19704
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2420
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19354
 
Oval ID: oval:org.mitre.oval:def:19354
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2420
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16597
 
Oval ID: oval:org.mitre.oval:def:16597
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before and 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2420
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22106
 
Oval ID: oval:org.mitre.oval:def:22106
Title: Vulnerability in Java SE 6u65, Java SE 7u45 component of Oracle Java SE (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5889
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19549
 
Oval ID: oval:org.mitre.oval:def:19549
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2384
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19341
 
Oval ID: oval:org.mitre.oval:def:19341
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2384
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16549
 
Oval ID: oval:org.mitre.oval:def:16549
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5 Update 41 and earlier can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2384
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16011
 
Oval ID: oval:org.mitre.oval:def:16011
Title: Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: JAX-WS) 7 Update 17 and before. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of Java Runtime Environment accessible data.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2415
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27353
 
Oval ID: oval:org.mitre.oval:def:27353
Title: DEPRECATED: ELSA-2013-0770 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.61.1.11.11] - added and applied (temporarily) patch10 fixToFontSecurityFix.patch. - fixing regression in fonts introduced by one security patch. - Resolves: rhbz#950386 [1:1.6.0.0-1.60.1.11.11] - added and applied (temporarily) one more patch to xalan/xerces privileges - patch9 jaxp-backport-factoryfinder.patch - will be upstreamed - Resolves: rhbz#950386 [1:1.6.0.0-1.59.1.11.11] - Updated to icedtea6 1.11.11 - fixed xalan/xerces privileges - removed patch 8 - removingOfAarch64.patch.patch - fixed upstream - Resolves: rhbz#950386 [1:1.6.0.0-1.58.1.11.10] - Updated to icedtea6 1.11.10 - rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - excluded aarch64.patch - by patch 8 - removingOfAarch64.patch.patch - Resolves: rhbz#950386
Family: unix Class: patch
Reference(s): ELSA-2013-0770
CVE-2013-2420
CVE-2013-2422
CVE-2013-2429
CVE-2013-2431
CVE-2013-1537
CVE-2013-2419
CVE-2013-2421
CVE-2013-2424
CVE-2013-2426
CVE-2013-2430
CVE-2013-0401
CVE-2013-1518
CVE-2013-2383
CVE-2013-1488
CVE-2013-1558
CVE-2013-1569
CVE-2013-2417
CVE-2013-1557
CVE-2013-2384
CVE-2013-2415
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18219
 
Oval ID: oval:org.mitre.oval:def:18219
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5848
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22135
 
Oval ID: oval:org.mitre.oval:def:22135
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5848
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19886
 
Oval ID: oval:org.mitre.oval:def:19886
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1711
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15996
 
Oval ID: oval:org.mitre.oval:def:15996
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1711
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19553
 
Oval ID: oval:org.mitre.oval:def:19553
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1491
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19482
 
Oval ID: oval:org.mitre.oval:def:19482
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1491
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16663
 
Oval ID: oval:org.mitre.oval:def:16663
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1491
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19718
 
Oval ID: oval:org.mitre.oval:def:19718
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1571
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19667
 
Oval ID: oval:org.mitre.oval:def:19667
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1571
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19518
 
Oval ID: oval:org.mitre.oval:def:19518
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1571
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17215
 
Oval ID: oval:org.mitre.oval:def:17215
Title: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, 5.0 Update 45 and earlier, and JavaFX 2.2.21 and earlier allows remote attackers to affect integrity via unknown vectors related to Javadoc.
Description: Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1571
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18645
 
Oval ID: oval:org.mitre.oval:def:18645
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5782
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22567
 
Oval ID: oval:org.mitre.oval:def:22567
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5782
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18904
 
Oval ID: oval:org.mitre.oval:def:18904
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5846
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22311
 
Oval ID: oval:org.mitre.oval:def:22311
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and JavaFX 2.2.40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5846
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19499
 
Oval ID: oval:org.mitre.oval:def:19499
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1541
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19070
 
Oval ID: oval:org.mitre.oval:def:19070
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1541
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16384
 
Oval ID: oval:org.mitre.oval:def:16384
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1541
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19570
 
Oval ID: oval:org.mitre.oval:def:19570
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2417
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19524
 
Oval ID: oval:org.mitre.oval:def:19524
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2417
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16446
 
Oval ID: oval:org.mitre.oval:def:16446
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2417
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25988
 
Oval ID: oval:org.mitre.oval:def:25988
Title: SUSE-SU-2013:0934-1 -- Security update for Java 1.4.2
Description: IBM Java 1.4.2 has been updated to SR13-FP17 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0934-1
CVE-2013-1491
CVE-2013-2420
CVE-2013-2432
CVE-2013-1569
CVE-2013-2384
CVE-2013-2383
CVE-2013-1557
CVE-2013-1537
CVE-2013-2429
CVE-2013-2430
CVE-2013-2394
CVE-2013-2419
CVE-2013-2417
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): Java 1.4.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15728
 
Oval ID: oval:org.mitre.oval:def:15728
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before and JavaFX 2.2.7 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0402
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18761
 
Oval ID: oval:org.mitre.oval:def:18761
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5818
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22525
 
Oval ID: oval:org.mitre.oval:def:22525
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5818
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19589
 
Oval ID: oval:org.mitre.oval:def:19589
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2433
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19577
 
Oval ID: oval:org.mitre.oval:def:19577
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2433
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19461
 
Oval ID: oval:org.mitre.oval:def:19461
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2433
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16454
 
Oval ID: oval:org.mitre.oval:def:16454
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before and 6 Update 43 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2433
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26021
 
Oval ID: oval:org.mitre.oval:def:26021
Title: SUSE-SU-2013:0835-3 -- Security update for IBM Java
Description: IBM Java 1.6.0 has been updated to SR13-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0835-3
CVE-2013-2422
CVE-2013-1491
CVE-2013-2435
CVE-2013-2420
CVE-2013-2432
CVE-2013-1569
CVE-2013-2384
CVE-2013-2383
CVE-2013-1557
CVE-2013-1537
CVE-2013-2440
CVE-2013-2429
CVE-2013-2430
CVE-2013-1563
CVE-2013-2394
CVE-2013-0401
CVE-2013-2424
CVE-2013-2419
CVE-2013-2417
CVE-2013-2418
CVE-2013-1540
CVE-2013-2433
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25791
 
Oval ID: oval:org.mitre.oval:def:25791
Title: SUSE-SU-2013:0871-1 -- Security update for IBM Java 1.7.0
Description: IBM Java 1.7.0 has been updated to SR4-FP2 which fixes several bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0871-1
CVE-2013-2422
CVE-2013-1491
CVE-2013-2435
CVE-2013-2420
CVE-2013-2432
CVE-2013-1569
CVE-2013-2384
CVE-2013-2383
CVE-2013-1557
CVE-2013-1537
CVE-2013-2440
CVE-2013-2429
CVE-2013-2430
CVE-2013-1563
CVE-2013-2394
CVE-2013-0401
CVE-2013-2424
CVE-2013-2419
CVE-2013-2417
CVE-2013-2418
CVE-2013-1540
CVE-2013-2433
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java 1.7.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25669
 
Oval ID: oval:org.mitre.oval:def:25669
Title: SUSE-SU-2013:0871-2 -- Security update for IBM Java
Description: IBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0871-2
CVE-2013-2422
CVE-2013-1491
CVE-2013-2435
CVE-2013-2420
CVE-2013-2432
CVE-2013-1569
CVE-2013-2384
CVE-2013-2383
CVE-2013-1557
CVE-2013-1537
CVE-2013-2440
CVE-2013-2429
CVE-2013-2430
CVE-2013-1563
CVE-2013-2394
CVE-2013-0401
CVE-2013-2424
CVE-2013-2419
CVE-2013-2417
CVE-2013-2418
CVE-2013-1540
CVE-2013-2433
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25563
 
Oval ID: oval:org.mitre.oval:def:25563
Title: SUSE-SU-2013:0835-2 -- Security update for Java 1.5.0
Description: IBM Java 1.5.0 has been updated to SR13-FP2 which fixes several bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0835-2
CVE-2013-2422
CVE-2013-1491
CVE-2013-2435
CVE-2013-2420
CVE-2013-2432
CVE-2013-1569
CVE-2013-2384
CVE-2013-2383
CVE-2013-1557
CVE-2013-1537
CVE-2013-2440
CVE-2013-2429
CVE-2013-2430
CVE-2013-1563
CVE-2013-2394
CVE-2013-0401
CVE-2013-2424
CVE-2013-2419
CVE-2013-2417
CVE-2013-2418
CVE-2013-1540
CVE-2013-2433
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): Java 1.5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25093
 
Oval ID: oval:org.mitre.oval:def:25093
Title: SUSE-SU-2013:0835-1 -- Security update for IBM Java
Description: IBM Java 1.6.0 has been updated to SR13-FP2 fixing bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0835-1
CVE-2013-2422
CVE-2013-1491
CVE-2013-2435
CVE-2013-2420
CVE-2013-2432
CVE-2013-1569
CVE-2013-2384
CVE-2013-2383
CVE-2013-1557
CVE-2013-1537
CVE-2013-2440
CVE-2013-2429
CVE-2013-2430
CVE-2013-1563
CVE-2013-2394
CVE-2013-0401
CVE-2013-2424
CVE-2013-2419
CVE-2013-2417
CVE-2013-2418
CVE-2013-1540
CVE-2013-2433
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): IBM Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19726
 
Oval ID: oval:org.mitre.oval:def:19726
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1500
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19663
 
Oval ID: oval:org.mitre.oval:def:19663
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1500
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17221
 
Oval ID: oval:org.mitre.oval:def:17221
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1500
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25907
 
Oval ID: oval:org.mitre.oval:def:25907
Title: SUSE-SU-2013:1255-1 -- Security update for java-1_6_0-ibm
Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1255-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25834
 
Oval ID: oval:org.mitre.oval:def:25834
Title: SUSE-SU-2013:1264-1 -- Security update for java-1_4_2-ibm
Description: IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1264-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2456
CVE-2013-2447
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): java-1_4_2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25783
 
Oval ID: oval:org.mitre.oval:def:25783
Title: SUSE-SU-2013:1293-2 -- Security update for IBM Java 1.4.2
Description: IBM Java 1.4.2 has been updated to SR13-FP18 to fix bugs and security issues: CVE-2013-3009, CVE-2013-3011, CVE-2013-3012, CVE-2013-2469, CVE-2013-2465, CVE-2013-2464, CVE-2013-2463, CVE-2013-2473, CVE-2013-2472, CVE-2013-2471, CVE-2013-2470, CVE-2013-2459, CVE-2013-2456, CVE-2013-2447, CVE-2013-2452, CVE-2013-2446, CVE-2013-2450, CVE-2013-1500. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bug has been fixed: * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1293-2
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2456
CVE-2013-2447
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Product(s): IBM Java 1.4.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25772
 
Oval ID: oval:org.mitre.oval:def:25772
Title: SUSE-SU-2013:1263-2 -- Security update for java-1_5_0-ibm
Description: IBM Java 1.5.0 was updated to SR16-FP3 to fix bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1263-2
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-3743
CVE-2013-2448
CVE-2013-2454
CVE-2013-2456
CVE-2013-2457
CVE-2013-2455
CVE-2013-2443
CVE-2013-2447
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): java-1_5_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25758
 
Oval ID: oval:org.mitre.oval:def:25758
Title: SUSE-SU-2013:1257-1 -- Security update for java-1_7_0-ibm
Description: IBM Java 1.7.0 has been updated to SR5 to fix bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1257-1
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-2462
CVE-2013-2460
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2458
CVE-2013-3744
CVE-2013-2400
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2449
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_7_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25723
 
Oval ID: oval:org.mitre.oval:def:25723
Title: SUSE-SU-2013:1255-2 -- Security update for java-1_6_0-ibm
Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1255-2
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25638
 
Oval ID: oval:org.mitre.oval:def:25638
Title: SUSE-SU-2013:1305-1 -- Security update for IBM Java 1.6.0
Description: IBM Java 1.6.0 has been updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034) * check if installed qa_filelist is not empty (bnc#831936)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1305-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): IBM Java 1.6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25636
 
Oval ID: oval:org.mitre.oval:def:25636
Title: SUSE-SU-2013:1255-3 -- Security update for IBM Java 1.6.0
Description: IBM Java 1.6.0 was updated to SR14 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1255-3
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2468
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-2466
CVE-2013-3743
CVE-2013-2448
CVE-2013-2442
CVE-2013-2407
CVE-2013-2454
CVE-2013-2456
CVE-2013-2453
CVE-2013-2457
CVE-2013-2455
CVE-2013-2412
CVE-2013-2443
CVE-2013-2447
CVE-2013-2437
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-2451
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): IBM Java 1.6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25263
 
Oval ID: oval:org.mitre.oval:def:25263
Title: SUSE-SU-2013:1263-1 -- Security update for java-1_5_0-ibm
Description: IBM Java 1.5.0 has been updated to SR16-FP3 to fix bugs and security issues. Please see also http://www.ibm.com/developerworks/java/jdk/alerts/ Also the following bugs have been fixed: * add Europe/Busingen to tzmappings (bnc#817062) * mark files in jre/bin and bin/ as executable (bnc#823034)
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1263-1
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-4002
CVE-2013-2469
CVE-2013-2465
CVE-2013-2464
CVE-2013-2463
CVE-2013-2473
CVE-2013-2472
CVE-2013-2471
CVE-2013-2470
CVE-2013-2459
CVE-2013-3743
CVE-2013-2448
CVE-2013-2454
CVE-2013-2456
CVE-2013-2457
CVE-2013-2455
CVE-2013-2443
CVE-2013-2447
CVE-2013-2444
CVE-2013-2452
CVE-2013-2446
CVE-2013-2450
CVE-2013-1571
CVE-2013-1500
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): java-1_5_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19692
 
Oval ID: oval:org.mitre.oval:def:19692
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2448
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19669
 
Oval ID: oval:org.mitre.oval:def:19669
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2448
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19632
 
Oval ID: oval:org.mitre.oval:def:19632
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2448
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17052
 
Oval ID: oval:org.mitre.oval:def:17052
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2448
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16464
 
Oval ID: oval:org.mitre.oval:def:16464
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2416
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16536
 
Oval ID: oval:org.mitre.oval:def:16536
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before and JavaFX 2.2.7 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2427
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19641
 
Oval ID: oval:org.mitre.oval:def:19641
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0401
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19463
 
Oval ID: oval:org.mitre.oval:def:19463
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0401
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16297
 
Oval ID: oval:org.mitre.oval:def:16297
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data.
Description: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0401
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16668
 
Oval ID: oval:org.mitre.oval:def:16668
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5074
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19283
 
Oval ID: oval:org.mitre.oval:def:19283
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2012-5073
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16466
 
Oval ID: oval:org.mitre.oval:def:16466
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2012-5073
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21447
 
Oval ID: oval:org.mitre.oval:def:21447
Title: RHSA-2012:1238: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): RHSA-2012:1238-01
CVE-2012-0551
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1721
CVE-2012-1722
CVE-2012-1725
Version: 122
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21403
 
Oval ID: oval:org.mitre.oval:def:21403
Title: RHSA-2012:0734: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): RHSA-2012:0734-02
CVE-2012-0551
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1721
CVE-2012-1722
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 159
Platform(s): Red Hat Enterprise Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21334
 
Oval ID: oval:org.mitre.oval:def:21334
Title: RHSA-2012:1245: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): RHSA-2012:1245-01
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1725
Version: 83
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21309
 
Oval ID: oval:org.mitre.oval:def:21309
Title: RHSA-2012:0729: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): RHSA-2012:0729-01
CESA-2012:0729
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 120
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21176
 
Oval ID: oval:org.mitre.oval:def:21176
Title: RHSA-2012:0730: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): RHSA-2012:0730-00
CESA-2012:0730
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 120
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19863
 
Oval ID: oval:org.mitre.oval:def:19863
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1725
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18173
 
Oval ID: oval:org.mitre.oval:def:18173
Title: DSA-2507-1 openjdk-6 - several
Description: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
Family: unix Class: patch
Reference(s): DSA-2507-1
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16513
 
Oval ID: oval:org.mitre.oval:def:16513
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Hotspot) 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1725
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23824
 
Oval ID: oval:org.mitre.oval:def:23824
Title: ELSA-2012:1245: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): ELSA-2012:1245-01
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1725
Version: 29
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23688
 
Oval ID: oval:org.mitre.oval:def:23688
Title: ELSA-2012:1238: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): ELSA-2012:1238-01
CVE-2012-0551
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1721
CVE-2012-1722
CVE-2012-1725
Version: 41
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23612
 
Oval ID: oval:org.mitre.oval:def:23612
Title: ELSA-2012:0729: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): ELSA-2012:0729-01
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 41
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23296
 
Oval ID: oval:org.mitre.oval:def:23296
Title: ELSA-2012:0730: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): ELSA-2012:0730-00
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 41
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23195
 
Oval ID: oval:org.mitre.oval:def:23195
Title: ELSA-2012:0734: java-1.6.0-sun security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Family: unix Class: patch
Reference(s): ELSA-2012:0734-02
CVE-2012-0551
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1721
CVE-2012-1722
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 53
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27766
 
Oval ID: oval:org.mitre.oval:def:27766
Title: DEPRECATED: ELSA-2012-0729 -- java-1.6.0-openjdk security update (critical)
Description: [1:1.6.0.0-1.48.1.11.3] - Access gnome bridge jar is forced to have 644 permissions - Resolves: rhbz#828751 [1:1.6.0.0-1.47.1.11.3] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828751 [1:1.6.0.0-1.46.1.11.3] - Sync with 6.3: - Bump to IcedTea6 1.11.3 - With removed patch8 - java-1.6.0-openjdk-jirafix_2820_2821.patch - Including patch7 - java-1.6.0-openjdk-jstack.patch - Including patch3, java-1.6.0-openjdk-java-access-bridge-security.patch modification - Resolves: rhbz#828751
Family: unix Class: patch
Reference(s): ELSA-2012-0729
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27591
 
Oval ID: oval:org.mitre.oval:def:27591
Title: DEPRECATED: ELSA-2012-0730 -- java-1.6.0-openjdk security update (important)
Description: [1.6.0.0-1.27.1.10.8.0.1.el5_8] - Add oracle-enterprise.patch [1:1.6.0.0-1.27.1.10.8] - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added also to package.definition - Resolves: rhbz#828749 [1:1.6.0.0-1.26.1.10.8] - Updated to IcedTea6 1.10.8 - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patch: - com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils. - packages added to patch - Resolves: rhbz#828749
Family: unix Class: patch
Reference(s): ELSA-2012-0730
CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19656
 
Oval ID: oval:org.mitre.oval:def:19656
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2424
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19594
 
Oval ID: oval:org.mitre.oval:def:19594
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2424
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16314
 
Oval ID: oval:org.mitre.oval:def:16314
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2424
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22245
 
Oval ID: oval:org.mitre.oval:def:22245
Title: Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5878
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24275
 
Oval ID: oval:org.mitre.oval:def:24275
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5878
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21198
 
Oval ID: oval:org.mitre.oval:def:21198
Title: RHSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): RHSA-2013:1505-00
CESA-2013:1505
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 367
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19566
 
Oval ID: oval:org.mitre.oval:def:19566
Title: USN-2033-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2033-1
CVE-2013-3829
CVE-2013-5783
CVE-2013-5804
CVE-2013-4002
CVE-2013-5803
CVE-2013-5823
CVE-2013-5825
CVE-2013-5772
CVE-2013-5774
CVE-2013-5784
CVE-2013-5797
CVE-2013-5820
CVE-2013-5778
CVE-2013-5780
CVE-2013-5790
CVE-2013-5840
CVE-2013-5849
CVE-2013-5851
CVE-2013-5782
CVE-2013-5802
CVE-2013-5809
CVE-2013-5829
CVE-2013-5814
CVE-2013-5817
CVE-2013-5830
CVE-2013-5842
CVE-2013-5850
Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19150
 
Oval ID: oval:org.mitre.oval:def:19150
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5850
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22570
 
Oval ID: oval:org.mitre.oval:def:22570
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5850
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23949
 
Oval ID: oval:org.mitre.oval:def:23949
Title: ELSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): ELSA-2013:1505-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 109
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23260
 
Oval ID: oval:org.mitre.oval:def:23260
Title: DEPRECATED: ELSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): ELSA-2013:1505-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 110
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27040
 
Oval ID: oval:org.mitre.oval:def:27040
Title: DEPRECATED: ELSA-2013-1505 -- java-1.6.0-openjdk security update (important)
Description:
[1:1.6.0.0-1.68.1.11.14]
- updated to icedtea6-1.11.14.tar.gz
- added and applied 1.11.14-fixes.patch, patch10 to fix build issues
- adapted patch8 java-1.6.0-openjdk-timezone-id.patch
- Resolves: rhbz#1017618
[1:1.6.0.1-1.67.1.13.0]
- reverted previous update
- Resolves: rhbz#1017618
[1:1.6.0.1-1.66.1.13.0]
- updated to icedtea 1.13
- updated to openjdk-6-src-b28-04_oct_2013
- added --disable-lcms2 configure switch to fix tck
- removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch
- added patch7 1.13_fixes.patch to fix 1.13 build issues
- adapted patch0 java-1.6.0-openjdk-optflags.patch
- adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch
- adapted patch8 java-1.6.0-openjdk-timezone-id.patch
- removed useless runtests parts
- included also java.security.old files
- Resolves: rhbz#1017618
Family: unix Class: patch
Reference(s): ELSA-2013-1505
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19568
 
Oval ID: oval:org.mitre.oval:def:19568
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2407
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18622
 
Oval ID: oval:org.mitre.oval:def:18622
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2407
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17195
 
Oval ID: oval:org.mitre.oval:def:17195
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2407
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19918
 
Oval ID: oval:org.mitre.oval:def:19918
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1533
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16648
 
Oval ID: oval:org.mitre.oval:def:16648
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1533
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19020
 
Oval ID: oval:org.mitre.oval:def:19020
Title: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5778
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22202
 
Oval ID: oval:org.mitre.oval:def:22202
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5778
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19676
 
Oval ID: oval:org.mitre.oval:def:19676
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2456
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19643
 
Oval ID: oval:org.mitre.oval:def:19643
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2456
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19267
 
Oval ID: oval:org.mitre.oval:def:19267
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2456
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17294
 
Oval ID: oval:org.mitre.oval:def:17294
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Serialization.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2456
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16264
 
Oval ID: oval:org.mitre.oval:def:16264
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0448
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21989
 
Oval ID: oval:org.mitre.oval:def:21989
Title: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0410
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21074
 
Oval ID: oval:org.mitre.oval:def:21074
Title: RHSA-2013:0751: java-1.7.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.
Family: unix Class: patch
Reference(s): RHSA-2013:0751-01
CESA-2013:0751
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2423
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
CVE-2013-2436
Version: 311
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16540
 
Oval ID: oval:org.mitre.oval:def:16540
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2436
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24006
 
Oval ID: oval:org.mitre.oval:def:24006
Title: ELSA-2013:0751: java-1.7.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert.
Family: unix Class: patch
Reference(s): ELSA-2013:0751-01
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2423
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
CVE-2013-2436
Version: 93
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19470
 
Oval ID: oval:org.mitre.oval:def:19470
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2454
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19407
 
Oval ID: oval:org.mitre.oval:def:19407
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2454
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19237
 
Oval ID: oval:org.mitre.oval:def:19237
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2454
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17236
 
Oval ID: oval:org.mitre.oval:def:17236
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality and integrity via vectors related to JDBC.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2454
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19655
 
Oval ID: oval:org.mitre.oval:def:19655
Title: HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2470
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19517
 
Oval ID: oval:org.mitre.oval:def:19517
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2470
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19348
 
Oval ID: oval:org.mitre.oval:def:19348
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: unix Class: vulnerability
Reference(s): CVE-2013-2470
Version: 13
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16806
 
Oval ID: oval:org.mitre.oval:def:16806
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2470
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19388
 
Oval ID: oval:org.mitre.oval:def:19388
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1485
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23803
 
Oval ID: oval:org.mitre.oval:def:23803
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1485
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16531
 
Oval ID: oval:org.mitre.oval:def:16531
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JavaFX) 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1479
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19378
 
Oval ID: oval:org.mitre.oval:def:19378
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2462
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17257
 
Oval ID: oval:org.mitre.oval:def:17257
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2462
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21079
 
Oval ID: oval:org.mitre.oval:def:21079
Title: RHSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): RHSA-2013:0587-01
CESA-2013:0587
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 45
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20786
 
Oval ID: oval:org.mitre.oval:def:20786
Title: VMware vSphere, ESX and ESXi updates to third party libraries
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19608
 
Oval ID: oval:org.mitre.oval:def:19608
Title: Multiple OpenSSL vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 5
Platform(s): IBM AIX 5.3
IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19540
 
Oval ID: oval:org.mitre.oval:def:19540
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19428
 
Oval ID: oval:org.mitre.oval:def:19428
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19424
 
Oval ID: oval:org.mitre.oval:def:19424
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19016
 
Oval ID: oval:org.mitre.oval:def:19016
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18841
 
Oval ID: oval:org.mitre.oval:def:18841
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18565
 
Oval ID: oval:org.mitre.oval:def:18565
Title: DSA-2621-1 openssl - several vulnerabilities
Description: Multiple vulnerabilities have been found in OpenSSL.
Family: unix Class: patch
Reference(s): DSA-2621-1
CVE-2013-0166
CVE-2013-0169
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18302
 
Oval ID: oval:org.mitre.oval:def:18302
Title: USN-1732-1 -- openssl vulnerabilities
Description: Several security issues were fixed in OpenSSL.
Family: unix Class: patch
Reference(s): USN-1732-1
CVE-2012-2686
CVE-2013-0166
CVE-2013-0169
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23909
 
Oval ID: oval:org.mitre.oval:def:23909
Title: ELSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0587-01
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 17
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23489
 
Oval ID: oval:org.mitre.oval:def:23489
Title: DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0587-01
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 18
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24405
 
Oval ID: oval:org.mitre.oval:def:24405
Title: Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24938
 
Oval ID: oval:org.mitre.oval:def:24938
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26214
 
Oval ID: oval:org.mitre.oval:def:26214
Title: SUSE-SU-2013:0328-1 -- Security update for Java
Description: java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes:
* Security fixes
  o S8006446: Restrict MBeanServer access (CVE-2013-1486)
  o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169)
  o S8007688: Blacklist known bad certificate (issued by DigiCert)
* Backports
  o S8007393: Possible race condition after JDK-6664509
  o S8007611: logging behavior in applet changed
* Bug fixes
  o PR1319: Support GIF lib v5.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0328-1
CVE-2013-1486
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25811
 
Oval ID: oval:org.mitre.oval:def:25811
Title: SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
Description: IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0701-1
CVE-2013-0485
CVE-2013-0809
CVE-2013-1493
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_7_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25236
 
Oval ID: oval:org.mitre.oval:def:25236
Title: SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
Description: IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0701-2
CVE-2013-0485
CVE-2013-0809
CVE-2013-1493
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27605
 
Oval ID: oval:org.mitre.oval:def:27605
Title: DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
Description: [1.0.0-27.2]
- fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589)
- fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052)
- enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051)
- use __secure_getenv() everywhere instead of getenv() (#839735)
Family: unix Class: patch
Reference(s): ELSA-2013-0587
CVE-2013-0166
CVE-2012-4929
CVE-2013-0169
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27551
 
Oval ID: oval:org.mitre.oval:def:27551
Title: DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.9-2.3.7.1.0.2.el6_3]
- Increase release number and rebuild.
[1.7.0.9-2.3.7.1.0.1.el6_3]
- Update DISTRO_NAME in specfile
[1.7.0.9-2.3.7.1.el6_3]
- Updated main source tarball
- Resolves: rhbz#911529
[1.7.0.9-2.3.7.0.el6_3]
- Removed patch1000 sec-2013-02-01-8005615.patch
- Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch
- Removed patch1010 sec-2013-02-01-7201064.patch
- Removed testing - mauve was outdated and - jtreg was icedtea relict
- Updated to icedtea 2.3.7
- Added java -Xshare:dump to post (see 513605) for jitarchs
- Resolves: rhbz#911529
Family: unix Class: patch
Reference(s): ELSA-2013-0275
CVE-2013-1485
CVE-2013-1484
CVE-2013-1486
CVE-2013-0169
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22192
 
Oval ID: oval:org.mitre.oval:def:22192
Title: Vulnerability in Java SE component of Oracle Java SE 6u65 and Java SE 7u45 (subcomponent: Deployment)
Description: Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410, CVE-2014-0418, and CVE-2014-0424.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0415
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16667
 
Oval ID: oval:org.mitre.oval:def:16667
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before and JavaFX 2.2.7 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2414
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19720
 
Oval ID: oval:org.mitre.oval:def:19720
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1719
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16312
 
Oval ID: oval:org.mitre.oval:def:16312
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
Family: windows Class: vulnerability
Reference(s): CVE-2012-1719
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19554
 
Oval ID: oval:org.mitre.oval:def:19554
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2394
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19500
 
Oval ID: oval:org.mitre.oval:def:19500
Title: HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
Family: unix Class: vulnerability
Reference(s): CVE-2013-2394
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16162
 
Oval ID: oval:org.mitre.oval:def:16162
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before, 5.0 Update 41 and before and JavaFX 2.2.7 and before. Very difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
Family: windows Class: vulnerability
Reference(s): CVE-2013-2394
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19813
 
Oval ID: oval:org.mitre.oval:def:19813
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3563
Version: 10
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14942
 
Oval ID: oval:org.mitre.oval:def:14942
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3563
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21962
 
Oval ID: oval:org.mitre.oval:def:21962
Title: Vulnerability in Java SE 7u45 and JavaFX 2.2.45 component of Oracle Java SE (subcomponent: JavaFX)
Description: Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5870
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
Definition Synopsis: