Executive Summary

Summary
Title java-1.7.0-openjdk security update
Informations
Name RHSA-2013:0275 First vendor Publication 2013-02-20
Vendor RedHat Last vendor Modification 2013-02-20
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446) 913021 - CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937) 913025 - CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-0275.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18302
 
Oval ID: oval:org.mitre.oval:def:18302
Title: USN-1732-1 -- openssl vulnerabilities
Description: Several security issues were fixed in OpenSSL.
Family: unix Class: patch
Reference(s): USN-1732-1
CVE-2012-2686
CVE-2013-0166
CVE-2013-0169
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18565
 
Oval ID: oval:org.mitre.oval:def:18565
Title: DSA-2621-1 openssl - several vulnerabilities
Description: Multiple vulnerabilities have been found in OpenSSL.
Family: unix Class: patch
Reference(s): DSA-2621-1
CVE-2013-0166
CVE-2013-0169
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18841
 
Oval ID: oval:org.mitre.oval:def:18841
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19016
 
Oval ID: oval:org.mitre.oval:def:19016
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19388
 
Oval ID: oval:org.mitre.oval:def:19388
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1485
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19402
 
Oval ID: oval:org.mitre.oval:def:19402
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1486
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19424
 
Oval ID: oval:org.mitre.oval:def:19424
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19428
 
Oval ID: oval:org.mitre.oval:def:19428
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19469
 
Oval ID: oval:org.mitre.oval:def:19469
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1486
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19508
 
Oval ID: oval:org.mitre.oval:def:19508
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1484
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19540
 
Oval ID: oval:org.mitre.oval:def:19540
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19608
 
Oval ID: oval:org.mitre.oval:def:19608
Title: Multiple OpenSSL vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 5
Platform(s): IBM AIX 5.3
IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20575
 
Oval ID: oval:org.mitre.oval:def:20575
Title: RHSA-2013:0274: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2013:0274-00
CESA-2013:0274
CVE-2013-0169
CVE-2013-1486
Version: 31
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20766
 
Oval ID: oval:org.mitre.oval:def:20766
Title: RHSA-2013:0273: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2013:0273-01
CESA-2013:0273
CVE-2013-0169
CVE-2013-1486
Version: 31
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20778
 
Oval ID: oval:org.mitre.oval:def:20778
Title: RHSA-2013:0275: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): RHSA-2013:0275-01
CESA-2013:0275
CVE-2013-0169
CVE-2013-1484
CVE-2013-1485
CVE-2013-1486
Version: 59
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20786
 
Oval ID: oval:org.mitre.oval:def:20786
Title: VMware vSphere, ESX and ESXi updates to third party libraries
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21079
 
Oval ID: oval:org.mitre.oval:def:21079
Title: RHSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): RHSA-2013:0587-01
CESA-2013:0587
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 45
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23043
 
Oval ID: oval:org.mitre.oval:def:23043
Title: DEPRECATED: ELSA-2013:0275: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2013:0275-01
CVE-2013-0169
CVE-2013-1484
CVE-2013-1485
CVE-2013-1486
Version: 22
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23321
 
Oval ID: oval:org.mitre.oval:def:23321
Title: ELSA-2013:0274: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2013:0274-00
CVE-2013-0169
CVE-2013-1486
Version: 13
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23489
 
Oval ID: oval:org.mitre.oval:def:23489
Title: DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0587-01
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 18
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23755
 
Oval ID: oval:org.mitre.oval:def:23755
Title: ELSA-2013:0275: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2013:0275-01
CVE-2013-0169
CVE-2013-1484
CVE-2013-1485
CVE-2013-1486
Version: 21
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23803
 
Oval ID: oval:org.mitre.oval:def:23803
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1485
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23891
 
Oval ID: oval:org.mitre.oval:def:23891
Title: ELSA-2013:0273: java-1.6.0-openjdk security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: unix Class: patch
Reference(s): ELSA-2013:0273-01
CVE-2013-0169
CVE-2013-1486
Version: 13
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23909
 
Oval ID: oval:org.mitre.oval:def:23909
Title: ELSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0587-01
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 17
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24141
 
Oval ID: oval:org.mitre.oval:def:24141
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1486
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24250
 
Oval ID: oval:org.mitre.oval:def:24250
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1484
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24405
 
Oval ID: oval:org.mitre.oval:def:24405
Title: Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24938
 
Oval ID: oval:org.mitre.oval:def:24938
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25236
 
Oval ID: oval:org.mitre.oval:def:25236
Title: SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
Description: IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0701-2
CVE-2013-0485
CVE-2013-0809
CVE-2013-1493
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25811
 
Oval ID: oval:org.mitre.oval:def:25811
Title: SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
Description: IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0701-1
CVE-2013-0485
CVE-2013-0809
CVE-2013-1493
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_7_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26214
 
Oval ID: oval:org.mitre.oval:def:26214
Title: SUSE-SU-2013:0328-1 -- Security update for Java
Description: java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0328-1
CVE-2013-1486
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27328
 
Oval ID: oval:org.mitre.oval:def:27328
Title: DEPRECATED: ELSA-2013-0274 -- java-1.6.0-openjdk security update (important)
Description: [ 1:1.6.0.0-1.35.1.11.8.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.35.1.11.8] - Rebuild with updated source tarball - Resolves: rhbz#911522 [1:1.6.0.0-1.34.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but valid - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#911522
Family: unix Class: patch
Reference(s): ELSA-2013-0274
CVE-2013-0169
CVE-2013-1486
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27551
 
Oval ID: oval:org.mitre.oval:def:27551
Title: DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529
Family: unix Class: patch
Reference(s): ELSA-2013-0275
CVE-2013-1485
CVE-2013-1484
CVE-2013-1486
CVE-2013-0169
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27578
 
Oval ID: oval:org.mitre.oval:def:27578
Title: DEPRECATED: ELSA-2013-0273 -- java-1.6.0-openjdk security update (critical)
Description: [1:1.6.0.0-1.56.1.11.8] - Rebuild with updated sources - Resolves: rhbz#911524 [1:1.6.0.0-1.55.1.11.8] - Updated to icedtea6 1.11.8 - Removed patch9 7201064.patch - Removed patch10 8005615.patch - Removed not-applied patch 6664509.patch - Removed mauve as deadly outdated and run on QA - jtreg kept, useless, but working - Resolves: rhbz#911524
Family: unix Class: patch
Reference(s): ELSA-2013-0273
CVE-2013-0169
CVE-2013-1486
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27605
 
Oval ID: oval:org.mitre.oval:def:27605
Title: DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
Description: [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735)
Family: unix Class: patch
Reference(s): ELSA-2013-0587
CVE-2013-0166
CVE-2012-4929
CVE-2013-0169
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 319
Application 31
Application 31
Application 47
Application 22
Application 55
Application 53

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-10-17 IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0040786
2013-09-19 IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE)
Severity : Category I - VMSKEY : V0040371
2013-09-19 IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces...
Severity : Category I - VMSKEY : V0040372
2013-09-19 IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373
2013-04-11 IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL
Severity : Category I - VMSKEY : V0037605

Snort® IPS/IDS

Date Description
2014-01-10 SSLv3 plaintext recovery attempt
RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 TLSv1.2 plaintext recovery attempt
RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 TLSv1.1 plaintext recovery attempt
RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 TLSv1.0 plaintext recovery attempt
RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2018-09-27 Name : The remote Debian host is missing a security update.
File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO
2016-11-21 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : The remote host has a library installed that is affected by an information di...
File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by multiple vulnerabilities.
File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by multiple vulnerabilities.
File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by multiple vulnerabilities.
File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by an information disclosure vulnerabil...
File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote mail server is affected by an information disclosure vulnerability.
File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2014-01-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_97fp9.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO
2013-10-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO
2013-10-16 Name : The remote database server is affected by multiple vulnerabilities.
File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO
2013-09-19 Name : The remote device is missing a vendor-supplied security patch.
File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO
2013-08-02 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2013-07-23 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote application server is potentially affected by multiple vulnerabili...
File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO
2013-07-16 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-07-10 Name : The remote host has a library installed that is affected by an information di...
File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO
2013-06-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_503.nasl - Type : ACT_GATHER_INFO
2013-05-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO
2013-04-30 Name : The remote host is affected by multiple vulnerabilities.
File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO
2013-04-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO
2013-04-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-04-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO
2013-04-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO
2013-03-26 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO
2013-03-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-130312.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-8483.nasl - Type : ACT_GATHER_INFO
2013-03-15 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-8495.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0624.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0625.nasl - Type : ACT_GATHER_INFO
2013-03-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO
2013-03-08 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO
2013-03-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO
2013-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO
2013-02-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO
2013-02-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update13.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_2013-001.nasl - Type : ACT_GATHER_INFO
2013-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO
2013-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO
2013-02-13 Name : The remote service may be affected by an information disclosure vulnerability.
File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO
2013-02-07 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-02-17 11:56:48
  • Multiple Updates
2013-02-21 17:20:39
  • Multiple Updates
2013-02-21 13:20:13
  • Multiple Updates
2013-02-20 13:18:19
  • First insertion