Executive Summary

Summary
Titlejava-1.7.0-openjdk security update
Informations
NameRHSA-2013:1451First vendor Publication2013-10-22
VendorRedHatLast vendor Modification2013-10-22
Severity (Vendor) CriticalRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. (CVE-2013-5782)

The class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2013-5830)

Multiple improper permission check issues were discovered in the 2D, CORBA, JNDI, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850, CVE-2013-5838)

Multiple input checking flaws were discovered in the JPEG image reading and writing code in the 2D component. An untrusted Java application or applet could use these flaws to corrupt the Java Virtual Machine memory and bypass Java sandbox restrictions. (CVE-2013-5809)

The FEATURE_SECURE_PROCESSING setting was not properly honored by the javax.xml.transform package transformers. A remote attacker could use this flaw to supply a crafted XML that would be processed without the intended security restrictions. (CVE-2013-5802)

Multiple errors were discovered in the way the JAXP and Security components processes XML inputs. A remote attacker could create a crafted XML that would cause a Java application to use an excessive amount of CPU and memory when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)

Multiple improper permission check issues were discovered in the Libraries, Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840, CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800, CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)

It was discovered that the 2D component image library did not properly check bounds when performing image conversions. An untrusted Java application or applet could use this flaw to disclose portions of the Java Virtual Machine memory. (CVE-2013-5778)

Multiple input sanitization flaws were discovered in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting attacks. (CVE-2013-5804, CVE-2013-5797)

Various OpenJDK classes that represent cryptographic keys could leak private key information by including sensitive data in strings returned by toString() methods. These flaws could possibly lead to an unexpected exposure of sensitive key data. (CVE-2013-5780)

The Java Heap Analysis Tool (jhat) failed to properly escape all data added into the HTML pages it generated. Crafted content in the memory of a Java program analyzed using jhat could possibly be used to conduct cross-site scripting attacks. (CVE-2013-5772)

The Kerberos implementation in OpenJDK did not properly parse KDC responses. A malformed packet could cause a Java application using JGSS to exit. (CVE-2013-5803)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

1018713 - CVE-2013-5803 OpenJDK: insufficient checks of KDC replies (JGSS, 8014341) 1018717 - CVE-2013-5772 OpenJDK: insufficient html escaping in jhat (jhat, 8011081) 1018720 - CVE-2013-5797 OpenJDK: insufficient escaping of window title string (Javadoc, 8016675) 1018727 - CVE-2013-5784 OpenJDK: insufficient InterfaceImplementor security checks (Scripting, 8017299) 1018736 - CVE-2013-5790 OpenJDK: insufficient security checks (Beans, 8012071) 1018750 - CVE-2013-5849 OpenJDK: insufficient DataFlavor security checks (AWT, 8012277) 1018755 - CVE-2013-5800 OpenJDK: default keytab path information leak (JGSS, 8022931) 1018785 - CVE-2013-5780 OpenJDK: key data leak via toString() methods (Libraries, 8011071) 1018831 - CVE-2013-5840 OpenJDK: getDeclaringClass() information leak (Libraries, 8014349) 1018972 - CVE-2013-5820 OpenJDK: insufficient security checks (JAXWS, 8017505) 1018977 - CVE-2013-5851 OpenJDK: XML stream factory finder information leak (JAXP, 8013502) 1018984 - CVE-2013-5778 OpenJDK: image conversion out of bounds read (2D, 8014102) 1019108 - CVE-2013-5782 OpenJDK: Incorrect awt_getPixelByte/awt_getPixelShort/awt_setPixelByte/awt_setPixelShort image raster checks (2D, 8014093) 1019110 - CVE-2013-5830 OpenJDK: checkPackageAccess missing security check (Libraries, 8017291) 1019113 - CVE-2013-5809 OpenJDK: JPEGImageReader and JPEGImageWriter missing band size checks (2D, 8013510) 1019115 - CVE-2013-5829 OpenJDK: Java2d Disposer security bypass (2D, 8017287) 1019117 - CVE-2013-5814 OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157) 1019118 - CVE-2013-5817 OpenJDK: VersionHelper12 does not honor modifyThreadGroup restriction (JNDI, 8013739) 1019123 - CVE-2013-5842 OpenJDK: ObjectInputStream/ObjectOutputStream missing checks (Libraries, 8014987) 1019127 - CVE-2013-5850 OpenJDK: Missing CORBA security checks (Libraries, 8017196) 1019130 - CVE-2013-5802 OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425) 1019131 - CVE-2013-5804 OpenJDK: javac does not ignore certain ignorable characters (Javadoc, 8016653) 1019133 - CVE-2013-3829 OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029) 1019137 - CVE-2013-5783 OpenJDK: JTable not properly performing certain access checks (Swing, 8013744) 1019139 - CVE-2013-5825 OpenJDK: XML parsing Denial of Service (JAXP, 8014530) 1019145 - CVE-2013-5823 OpenJDK: com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream Denial of Service (Security, 8021290) 1019147 - CVE-2013-5774 OpenJDK: Inet6Address class IPv6 address processing errors (Libraries, 8015743) 1019176 - CVE-2013-4002 OpenJDK: XML parsing Denial of Service (JAXP, 8017298) 1019300 - CVE-2013-5838 OpenJDK: Vulnerability in Libraries component (Libraries, 7023639)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-1451.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18645
 
Oval ID: oval:org.mitre.oval:def:18645
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5782
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22567
 
Oval ID: oval:org.mitre.oval:def:22567
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5782
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21219
 
Oval ID: oval:org.mitre.oval:def:21219
Title: RHSA-2013:1059: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1059-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 495
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21196
 
Oval ID: oval:org.mitre.oval:def:21196
Title: RHSA-2013:1081: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1081-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 383
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21131
 
Oval ID: oval:org.mitre.oval:def:21131
Title: RHSA-2013:1060: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:1060-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-3744
CVE-2013-4002
Version: 607
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21576
 
Oval ID: oval:org.mitre.oval:def:21576
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4002
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24095
 
Oval ID: oval:org.mitre.oval:def:24095
Title: ELSA-2013:1059: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1059-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 145
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24028
 
Oval ID: oval:org.mitre.oval:def:24028
Title: ELSA-2013:1081: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1081-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2443
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2450
CVE-2013-2452
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2459
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3009
CVE-2013-3011
CVE-2013-3012
CVE-2013-3743
CVE-2013-4002
Version: 113
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23596
 
Oval ID: oval:org.mitre.oval:def:23596
Title: ELSA-2013:1060: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:1060-01
CVE-2013-1500
CVE-2013-1571
CVE-2013-2400
CVE-2013-2407
CVE-2013-2412
CVE-2013-2437
CVE-2013-2442
CVE-2013-2444
CVE-2013-2446
CVE-2013-2447
CVE-2013-2448
CVE-2013-2449
CVE-2013-2450
CVE-2013-2451
CVE-2013-2452
CVE-2013-2453
CVE-2013-2454
CVE-2013-2455
CVE-2013-2456
CVE-2013-2457
CVE-2013-2458
CVE-2013-2459
CVE-2013-2460
CVE-2013-2462
CVE-2013-2463
CVE-2013-2464
CVE-2013-2465
CVE-2013-2466
CVE-2013-2468
CVE-2013-2469
CVE-2013-2470
CVE-2013-2471
CVE-2013-2472
CVE-2013-2473
CVE-2013-3006
CVE-2013-3007
CVE-2013-3008
CVE-2013-3009
CVE-2013-3010
CVE-2013-3011
CVE-2013-3012
CVE-2013-3744
CVE-2013-4002
Version: 177
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26596
 
Oval ID: oval:org.mitre.oval:def:26596
Title: ELSA-2014-1319 -- xerces-j2 security update (Moderate)
Description: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-1319
CVE-2013-4002
Version: 3
Platform(s): Oracle Linux 7
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27229
 
Oval ID: oval:org.mitre.oval:def:27229
Title: RHSA-2014:1319: xerces-j2 security update (Moderate)
Description: Apache Xerces for Java (Xerces-J) is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU. (CVE-2013-4002) All xerces-j2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Applications using the Xerces-J must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1319-00
CESA-2014:1319
CVE-2013-4002
Version: 3
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 6
CentOS Linux 7
Product(s): xerces-j2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21198
 
Oval ID: oval:org.mitre.oval:def:21198
Title: RHSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): RHSA-2013:1505-00
CESA-2013:1505
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 367
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19566
 
Oval ID: oval:org.mitre.oval:def:19566
Title: USN-2033-1 -- openjdk-6 vulnerabilities
Description: Several security issues were fixed in OpenJDK 6.
Family: unix Class: patch
Reference(s): USN-2033-1
CVE-2013-3829
CVE-2013-5783
CVE-2013-5804
CVE-2013-4002
CVE-2013-5803
CVE-2013-5823
CVE-2013-5825
CVE-2013-5772
CVE-2013-5774
CVE-2013-5784
CVE-2013-5797
CVE-2013-5820
CVE-2013-5778
CVE-2013-5780
CVE-2013-5790
CVE-2013-5840
CVE-2013-5849
CVE-2013-5851
CVE-2013-5782
CVE-2013-5802
CVE-2013-5809
CVE-2013-5829
CVE-2013-5814
CVE-2013-5817
CVE-2013-5830
CVE-2013-5842
CVE-2013-5850
Version: 5
Platform(s): Ubuntu 12.04
Ubuntu 10.04
Product(s): openjdk-6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19150
 
Oval ID: oval:org.mitre.oval:def:19150
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5850
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22570
 
Oval ID: oval:org.mitre.oval:def:22570
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5850
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23949
 
Oval ID: oval:org.mitre.oval:def:23949
Title: ELSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): ELSA-2013:1505-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 109
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23260
 
Oval ID: oval:org.mitre.oval:def:23260
Title: DEPRECATED: ELSA-2013:1505: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: patch
Reference(s): ELSA-2013:1505-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 110
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27040
 
Oval ID: oval:org.mitre.oval:def:27040
Title: DEPRECATED: ELSA-2013-1505 -- java-1.6.0-openjdk security update (important)
Description: [1:1.6.0.0-1.68.1.11.14] - updated to icedtea6-1.11.14.tar.gz - added and applied 1.11.14-fixes.patch, patch10 to fix build issues - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - Resolves: rhbz#1017618 [1:1.6.0.1-1.67.1.13.0] - reverted previous update - Resolves: rhbz#1017618 [1:1.6.0.1-1.66.1.13.0] - updated to icedtea 1.13 - updated to openjdk-6-src-b28-04_oct_2013 - added --disable-lcms2 configure switch to fix tck - removed upstreamed patch7,java-1.6.0-openjdk-jstack.patch - added patch7 1.13_fixes.patch to fix 1.13 build issues - adapted patch0 java-1.6.0-openjdk-optflags.patch - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - adapted patch8 java-1.6.0-openjdk-timezone-id.patch - removed useless runtests parts - included also java.security.old files - Resolves: rhbz#1017618
Family: unix Class: patch
Reference(s): ELSA-2013-1505
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19020
 
Oval ID: oval:org.mitre.oval:def:19020
Title: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5778
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22202
 
Oval ID: oval:org.mitre.oval:def:22202
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5778
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18436
 
Oval ID: oval:org.mitre.oval:def:18436
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5842
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22260
 
Oval ID: oval:org.mitre.oval:def:22260
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5842
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19096
 
Oval ID: oval:org.mitre.oval:def:19096
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5830
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22571
 
Oval ID: oval:org.mitre.oval:def:22571
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5830
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19049
 
Oval ID: oval:org.mitre.oval:def:19049
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5784
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22469
 
Oval ID: oval:org.mitre.oval:def:22469
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5784
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18504
 
Oval ID: oval:org.mitre.oval:def:18504
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5809
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22015
 
Oval ID: oval:org.mitre.oval:def:22015
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5809
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19207
 
Oval ID: oval:org.mitre.oval:def:19207
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5802
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22466
 
Oval ID: oval:org.mitre.oval:def:22466
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5802
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21240
 
Oval ID: oval:org.mitre.oval:def:21240
Title: RHSA-2013:1508: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): RHSA-2013:1508-04
CVE-2013-3829
CVE-2013-4041
CVE-2013-5372
CVE-2013-5375
CVE-2013-5457
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 551
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21180
 
Oval ID: oval:org.mitre.oval:def:21180
Title: RHSA-2013:1447: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): RHSA-2013:1447-00
CESA-2013:1447
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 409
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21151
 
Oval ID: oval:org.mitre.oval:def:21151
Title: RHSA-2013:1507: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): RHSA-2013:1507-01
CVE-2013-3829
CVE-2013-4041
CVE-2013-5372
CVE-2013-5375
CVE-2013-5456
CVE-2013-5457
CVE-2013-5458
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5788
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 649
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20895
 
Oval ID: oval:org.mitre.oval:def:20895
Title: RHSA-2013:1451: java-1.7.0-openjdk security update (Critical)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): RHSA-2013:1451-00
CESA-2013:1451
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 409
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19061
 
Oval ID: oval:org.mitre.oval:def:19061
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5851
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24011
 
Oval ID: oval:org.mitre.oval:def:24011
Title: ELSA-2013:1508: java-1.6.0-ibm security update (Critical)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): ELSA-2013:1508-04
CVE-2013-3829
CVE-2013-4041
CVE-2013-5372
CVE-2013-5375
CVE-2013-5457
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5789
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 161
Platform(s): Oracle Linux 6
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23954
 
Oval ID: oval:org.mitre.oval:def:23954
Title: ELSA-2013:1451: java-1.7.0-openjdk security update (Critical)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): ELSA-2013:1451-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 121
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23813
 
Oval ID: oval:org.mitre.oval:def:23813
Title: ELSA-2013:1507: java-1.7.0-ibm security update (Critical)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): ELSA-2013:1507-01
CVE-2013-3829
CVE-2013-4041
CVE-2013-5372
CVE-2013-5375
CVE-2013-5456
CVE-2013-5457
CVE-2013-5458
CVE-2013-5772
CVE-2013-5774
CVE-2013-5776
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5787
CVE-2013-5788
CVE-2013-5789
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5812
CVE-2013-5814
CVE-2013-5817
CVE-2013-5818
CVE-2013-5819
CVE-2013-5820
CVE-2013-5823
CVE-2013-5824
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5831
CVE-2013-5832
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5848
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 189
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23587
 
Oval ID: oval:org.mitre.oval:def:23587
Title: ELSA-2013:1447: java-1.7.0-openjdk security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Family: unix Class: patch
Reference(s): ELSA-2013:1447-00
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 121
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27485
 
Oval ID: oval:org.mitre.oval:def:27485
Title: DEPRECATED: ELSA-2013-1451 -- java-1.7.0-openjdk security update (critical)
Description: [1.7.0.45-2.4.3.2.0.1.el6] - Update DISTRO_NAME in specfile
Family: unix Class: patch
Reference(s): ELSA-2013-1451
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27193
 
Oval ID: oval:org.mitre.oval:def:27193
Title: DEPRECATED: ELSA-2013-1447 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.45-2.4.3.1.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.45-2.4.3.1.el5] - Updated to icedtea 2.4.3 - Resolves: rhbz#1017623 [1.7.0.45-2.4.3.0.el5] - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12: TestCryptoLevel.java - removed upstreamed patch103 java-1.7.0-openjdk-arm-fixes.patch - removed unnecessary patch112 java-1.7.0-openjdk-doNotUseDisabledEcc.patch - added patch120: java-1.7.0-openjdk-freetype-check-fix.patch - fixed nss - cleaned sources - Resolves: rhbz#1017623 [1.7.0.25-2.4.1.4.el5] - updated to icedtea 2.4.1 - improoved handling of patch111 - nss-config-2.patch - backported uniquesuffix from 6.5 - Resolves: rhbz#978421
Family: unix Class: patch
Reference(s): ELSA-2013-1447
CVE-2013-3829
CVE-2013-4002
CVE-2013-5772
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5784
CVE-2013-5790
CVE-2013-5797
CVE-2013-5800
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5820
CVE-2013-5823
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5838
CVE-2013-5840
CVE-2013-5842
CVE-2013-5849
CVE-2013-5850
CVE-2013-5851
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19024
 
Oval ID: oval:org.mitre.oval:def:19024
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5817
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21993
 
Oval ID: oval:org.mitre.oval:def:21993
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5817
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19046
 
Oval ID: oval:org.mitre.oval:def:19046
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5825
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22475
 
Oval ID: oval:org.mitre.oval:def:22475
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5825
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18783
 
Oval ID: oval:org.mitre.oval:def:18783
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5823
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22580
 
Oval ID: oval:org.mitre.oval:def:22580
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5823
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25042
 
Oval ID: oval:org.mitre.oval:def:25042
Title: SUSE-SU-2013:1808-1 -- Security update for OpenJDK 1.6
Description: OpenJDK 1.6 was updated to the new Icedtea release 1.12.7, which includes many fixes for bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1808-1
CVE-2013-3829
CVE-2013-5780
CVE-2013-5772
CVE-2013-5814
CVE-2013-5790
CVE-2013-5849
CVE-2013-5802
CVE-2013-5851
CVE-2013-5809
CVE-2013-5817
CVE-2013-5783
CVE-2013-5782
CVE-2013-5778
CVE-2013-5803
CVE-2013-5840
CVE-2013-5825
CVE-2013-5842
CVE-2013-5774
CVE-2013-5804
CVE-2013-5797
CVE-2013-5850
CVE-2013-5829
CVE-2013-5830
CVE-2013-4002
CVE-2013-5784
CVE-2013-5820
CVE-2013-5823
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): OpenJDK 1.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20642
 
Oval ID: oval:org.mitre.oval:def:20642
Title: RHSA-2013:1509: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Family: unix Class: patch
Reference(s): RHSA-2013:1509-01
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5849
Version: 299
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18971
 
Oval ID: oval:org.mitre.oval:def:18971
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5849
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22527
 
Oval ID: oval:org.mitre.oval:def:22527
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5849
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23748
 
Oval ID: oval:org.mitre.oval:def:23748
Title: ELSA-2013:1509: java-1.5.0-ibm security update (Important)
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Family: unix Class: patch
Reference(s): ELSA-2013:1509-01
CVE-2013-5774
CVE-2013-5778
CVE-2013-5780
CVE-2013-5782
CVE-2013-5783
CVE-2013-5790
CVE-2013-5797
CVE-2013-5801
CVE-2013-5802
CVE-2013-5803
CVE-2013-5804
CVE-2013-5809
CVE-2013-5814
CVE-2013-5817
CVE-2013-5825
CVE-2013-5829
CVE-2013-5830
CVE-2013-5840
CVE-2013-5842
CVE-2013-5843
CVE-2013-5849
Version: 89
Platform(s): Oracle Linux 6
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19101
 
Oval ID: oval:org.mitre.oval:def:19101
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5780
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22046
 
Oval ID: oval:org.mitre.oval:def:22046
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5780
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19185
 
Oval ID: oval:org.mitre.oval:def:19185
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5814
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22137
 
Oval ID: oval:org.mitre.oval:def:22137
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5814
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19189
 
Oval ID: oval:org.mitre.oval:def:19189
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5829
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21843
 
Oval ID: oval:org.mitre.oval:def:21843
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5829
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18874
 
Oval ID: oval:org.mitre.oval:def:18874
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5803
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22539
 
Oval ID: oval:org.mitre.oval:def:22539
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5803
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19032
 
Oval ID: oval:org.mitre.oval:def:19032
Title: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5774
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22241
 
Oval ID: oval:org.mitre.oval:def:22241
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5774
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19002
 
Oval ID: oval:org.mitre.oval:def:19002
Title: Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3829
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21918
 
Oval ID: oval:org.mitre.oval:def:21918
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-3829
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19088
 
Oval ID: oval:org.mitre.oval:def:19088
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5783
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21978
 
Oval ID: oval:org.mitre.oval:def:21978
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5783
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19093
 
Oval ID: oval:org.mitre.oval:def:19093
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5800
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25719
 
Oval ID: oval:org.mitre.oval:def:25719
Title: SUSE-SU-2013:1666-1 -- Security update for OpenJDK 7
Description: This release updates our OpenJDK 7 support in the 2.4.x series with a number of security fixes and synchronises it with upstream development. The security issues fixed (a long list) can be found in the following link: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-O ctober/025087.html <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013- October/025087.html>
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1666-1
CVE-2013-3829
CVE-2013-5780
CVE-2013-5772
CVE-2013-5814
CVE-2013-5790
CVE-2013-5849
CVE-2013-5802
CVE-2013-5851
CVE-2013-5809
CVE-2013-5817
CVE-2013-5783
CVE-2013-5782
CVE-2013-5778
CVE-2013-5803
CVE-2013-5840
CVE-2013-5825
CVE-2013-5842
CVE-2013-5774
CVE-2013-5804
CVE-2013-5797
CVE-2013-5850
CVE-2013-5829
CVE-2013-5830
CVE-2013-4002
CVE-2013-5784
CVE-2013-5820
CVE-2013-5805
CVE-2013-5806
CVE-2013-5823
CVE-2013-5800
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): OpenJDK 7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19206
 
Oval ID: oval:org.mitre.oval:def:19206
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5820
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22256
 
Oval ID: oval:org.mitre.oval:def:22256
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5820
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18733
 
Oval ID: oval:org.mitre.oval:def:18733
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5790
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22463
 
Oval ID: oval:org.mitre.oval:def:22463
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5790
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19141
 
Oval ID: oval:org.mitre.oval:def:19141
Title: Unspecified vulnerability in Oracle Java SE 7u25 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5838
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22455
 
Oval ID: oval:org.mitre.oval:def:22455
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5838
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18990
 
Oval ID: oval:org.mitre.oval:def:18990
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5840
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22237
 
Oval ID: oval:org.mitre.oval:def:22237
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5840
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18956
 
Oval ID: oval:org.mitre.oval:def:18956
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5797
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JavaFX
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21832
 
Oval ID: oval:org.mitre.oval:def:21832
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5797
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25287
 
Oval ID: oval:org.mitre.oval:def:25287
Title: SUSE-SU-2013:1669-1 -- Security update for IBM Java 5
Description: IBM Java 5 SR16-FP4 has been released which fixes lots of bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1669-1
CVE-2013-4041
CVE-2013-5375
CVE-2013-5372
CVE-2013-5843
CVE-2013-5829
CVE-2013-5842
CVE-2013-5782
CVE-2013-5809
CVE-2013-5814
CVE-2013-5802
CVE-2013-5783
CVE-2013-3829
CVE-2013-4002
CVE-2013-5774
CVE-2013-5840
CVE-2013-5801
CVE-2013-5778
CVE-2013-5790
CVE-2013-5780
CVE-2013-5797
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): IBM Java 5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26987
 
Oval ID: oval:org.mitre.oval:def:26987
Title: DEPRECATED: ELSA-2014-0406 -- java-1.7.0-openjdk security update (Critical)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-0406
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2013-5797
Version: 4
Platform(s): Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26920
 
Oval ID: oval:org.mitre.oval:def:26920
Title: DEPRECATED: ELSA-2014-0408 -- java-1.6.0-openjdk security and bug fix update (Important)
Description: The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) This update also fixes the following bug: * The OpenJDK update to IcedTea version 1.13 introduced a regression related to the handling of the jdk_version_info variable. This variable was not properly zeroed out before being passed to the Java Virtual Machine, resulting in a memory leak in the java.lang.ref.Finalizer class. This update fixes this issue, and memory leaks no longer occur. (BZ#1085373) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-0408
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2013-5797
Version: 4
Platform(s): Oracle Linux 6
Oracle Linux 5
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26825
 
Oval ID: oval:org.mitre.oval:def:26825
Title: DEPRECATED: ELSA-2014-0407 -- java-1.7.0-openjdk security update (Important)
Description: The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine. (CVE-2014-0429) Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to trigger Java Virtual Machine memory corruption and possibly bypass Java sandbox restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421) Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2014-0457, CVE-2014-0455, CVE-2014-0461) Multiple improper permission check issues were discovered in the AWT, JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402, CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459) Multiple flaws were identified in the Java Naming and Directory Interface (JNDI) DNS client. These flaws could make it easier for a remote attacker to perform DNS spoofing attacks. (CVE-2014-0460) It was discovered that the JAXP component did not properly prevent access to arbitrary files when a SecurityManager was present. This flaw could cause a Java application using JAXP to leak sensitive information, or affect application availability. (CVE-2014-2403) It was discovered that the Security component in OpenJDK could leak some timing information when performing PKCS#1 unpadding. This could possibly lead to the disclosure of some information that was meant to be protected by encryption. (CVE-2014-0453) It was discovered that the fix for CVE-2013-5797 did not properly resolve input sanitization flaws in javadoc. When javadoc documentation was generated from an untrusted Java source code and hosted on a domain not controlled by the code author, these issues could make it easier to perform cross-site scripting (XSS) attacks. (CVE-2014-2398) An insecure temporary file use flaw was found in the way the unpack200 utility created log files. A local attacker could possibly use this flaw to perform a symbolic link attack and overwrite arbitrary files with the privileges of the user running unpack200. (CVE-2014-1876) All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-0407
CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2402
CVE-2014-2403
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427
CVE-2013-5797
Version: 4
Platform(s): Oracle Linux 5
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19188
 
Oval ID: oval:org.mitre.oval:def:19188
Title: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5804
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
JRockit
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22239
 
Oval ID: oval:org.mitre.oval:def:22239
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5804
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19219
 
Oval ID: oval:org.mitre.oval:def:19219
Title: Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
Family: windows Class: vulnerability
Reference(s): CVE-2013-5772
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22176
 
Oval ID: oval:org.mitre.oval:def:22176
Title: HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
Family: unix Class: vulnerability
Reference(s): CVE-2013-5772
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application43
Application16
Application81
Application79
Application43
Application55
Application53

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-10-17IAVM : 2013-A-0191 - Multiple Vulnerabilities in Java for Mac OS X
Severity : Category I - VMSKEY : V0040779
2013-10-17IAVM : 2013-A-0200 - Multiple Vulnerabilities in Oracle Java
Severity : Category I - VMSKEY : V0040783

Snort® IPS/IDS

DateDescription
2016-04-26Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38339 - Revision : 2 - Type : FILE-JAVA
2016-04-26Oracle Java Class Loader namespace sandbox bypass attempt
RuleID : 38338 - Revision : 2 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

DateDescription
2016-06-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL48802597.nasl - Type : ACT_GATHER_INFO
2015-09-14Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16872.nasl - Type : ACT_GATHER_INFO
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1256-1.nasl - Type : ACT_GATHER_INFO
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1669-1.nasl - Type : ACT_GATHER_INFO
2014-11-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1818.nasl - Type : ACT_GATHER_INFO
2014-11-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1821.nasl - Type : ACT_GATHER_INFO
2014-11-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1822.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1793.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO
2014-11-06Name : The remote host has a version of Java installed that is affected by multiple ...
File : macosx_java_2014-001.nasl - Type : ACT_GATHER_INFO
2014-11-03Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-436.nasl - Type : ACT_GATHER_INFO
2014-10-02Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-193.nasl - Type : ACT_GATHER_INFO
2014-10-01Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO
2014-09-30Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1319.nasl - Type : ACT_GATHER_INFO
2014-09-30Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140929_xerces_j2_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-09-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1319.nasl - Type : ACT_GATHER_INFO
2014-09-26Name : The remote Fedora host is missing a security update.
File : fedora_2014-10626.nasl - Type : ACT_GATHER_INFO
2014-09-26Name : The remote Fedora host is missing a security update.
File : fedora_2014-10649.nasl - Type : ACT_GATHER_INFO
2014-09-23Name : The remote Fedora host is missing a security update.
File : fedora_2014-10617.nasl - Type : ACT_GATHER_INFO
2014-08-22Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0675.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0685.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0675.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0685.nasl - Type : ACT_GATHER_INFO
2014-06-30Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-847.nasl - Type : ACT_GATHER_INFO
2014-05-29Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5_2.nasl - Type : ACT_GATHER_INFO
2014-05-19Name : The remote Windows host has a service installed that is affected by multiple ...
File : websphere_mq_7503.nasl - Type : ACT_GATHER_INFO
2014-05-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-100.nasl - Type : ACT_GATHER_INFO
2014-05-12Name : The remote server is affected by multiple vulnerabilities.
File : domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-05-12Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-05-12Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_notes_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO
2014-04-23Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-326.nasl - Type : ACT_GATHER_INFO
2014-04-23Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-327.nasl - Type : ACT_GATHER_INFO
2014-04-18Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0406.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0407.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0408.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140416_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140416_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-04-17Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140416_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-01-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2089-1.nasl - Type : ACT_GATHER_INFO
2014-01-20Name : The remote application server is potentially affected by multiple vulnerabili...
File : websphere_7_0_0_31.nasl - Type : ACT_GATHER_INFO
2014-01-20Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_8.nasl - Type : ACT_GATHER_INFO
2014-01-08Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2014-01-08Name : The remote server is affected by multiple vulnerabilities.
File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2013-12-03Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-131129.nasl - Type : ACT_GATHER_INFO
2013-11-22Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2033-1.nasl - Type : ACT_GATHER_INFO
2013-11-21Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-131119.nasl - Type : ACT_GATHER_INFO
2013-11-20Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-267.nasl - Type : ACT_GATHER_INFO
2013-11-19Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-131114.nasl - Type : ACT_GATHER_INFO
2013-11-14Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-235.nasl - Type : ACT_GATHER_INFO
2013-11-14Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-246.nasl - Type : ACT_GATHER_INFO
2013-11-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-openjdk-131104.nasl - Type : ACT_GATHER_INFO
2013-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1507.nasl - Type : ACT_GATHER_INFO
2013-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1508.nasl - Type : ACT_GATHER_INFO
2013-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1509.nasl - Type : ACT_GATHER_INFO
2013-11-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO
2013-11-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1505.nasl - Type : ACT_GATHER_INFO
2013-11-06Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1505.nasl - Type : ACT_GATHER_INFO
2013-11-06Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131105_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-11-04Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04Name : The remote server is affected by multiple vulnerabilities.
File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO
2013-10-24Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131022_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-10-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO
2013-10-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1451.nasl - Type : ACT_GATHER_INFO
2013-10-23Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1451.nasl - Type : ACT_GATHER_INFO
2013-10-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO
2013-10-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1447.nasl - Type : ACT_GATHER_INFO
2013-10-22Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1447.nasl - Type : ACT_GATHER_INFO
2013-10-22Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131021_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1440.nasl - Type : ACT_GATHER_INFO
2013-10-17Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-10-17Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_oct_2013_unix.nasl - Type : ACT_GATHER_INFO
2013-10-16Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update17.nasl - Type : ACT_GATHER_INFO
2013-10-16Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_2013-005.nasl - Type : ACT_GATHER_INFO
2013-07-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-130723.nasl - Type : ACT_GATHER_INFO
2013-07-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130723.nasl - Type : ACT_GATHER_INFO
2013-07-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1081.nasl - Type : ACT_GATHER_INFO
2013-07-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1059.nasl - Type : ACT_GATHER_INFO
2013-07-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1060.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 11:57:31
  • Multiple Updates
2013-12-01 13:22:51
  • Multiple Updates
2013-10-22 21:21:19
  • First insertion