Executive Summary
Summary | |
---|---|
Title | OpenJDK 6 vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-2124-1 | First vendor Publication | 2014-02-27 |
Vendor | Ubuntu | Last vendor Modification | 2014-02-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK 6. Software Description: - openjdk-6: Open Source Java implementation Details: A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. (CVE-2014-0411) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-5878, CVE-2013-5907, CVE-2014-0373, CVE-2014-0422, CVE-2014-0428) Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-5884, CVE-2014-0368) Two vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-5896, CVE-2013-5910) Two vulnerabilities were discovered in the OpenJDK JRE related to data integrity. (CVE-2014-0376, CVE-2014-0416) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to expose sensitive data over the network or cause a denial of service. (CVE-2014-0423) In addition to the above, USN-2033-1 fixed several vulnerabilities and bugs in OpenJDK 6. This update introduced a regression which caused an exception condition in javax.xml when instantiating encryption algorithms. This update fixes the problem. We apologize for the inconvenience. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: Ubuntu 10.04 LTS: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2124-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21640 | |||
Oval ID: | oval:org.mitre.oval:def:21640 | ||
Title: | RHSA-2014:0026: java-1.7.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0026-00 CESA-2014:0026 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 187 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21979 | |||
Oval ID: | oval:org.mitre.oval:def:21979 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Beans) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0423 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22049 | |||
Oval ID: | oval:org.mitre.oval:def:22049 | ||
Title: | RHSA-2014:0027: java-1.7.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0027-00 CESA-2014:0027 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 187 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22096 | |||
Oval ID: | oval:org.mitre.oval:def:22096 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, JRockit R28.2.9 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JSSE) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0411 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22170 | |||
Oval ID: | oval:org.mitre.oval:def:22170 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, JRockit R27.7.7, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: 2D) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5907 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JRockit |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22189 | |||
Oval ID: | oval:org.mitre.oval:def:22189 | ||
Title: | RHSA-2014:0097: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0097-00 CESA-2014:0097 CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 122 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22214 | |||
Oval ID: | oval:org.mitre.oval:def:22214 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAAS) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0416 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22227 | |||
Oval ID: | oval:org.mitre.oval:def:22227 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an incorrect check for code permissions by CORBA stub factories. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5884 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22233 | |||
Oval ID: | oval:org.mitre.oval:def:22233 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0428 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22245 | |||
Oval ID: | oval:org.mitre.oval:def:22245 | ||
Title: | Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5878 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22258 | |||
Oval ID: | oval:org.mitre.oval:def:22258 | ||
Title: | Vulnerability in Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Security) | ||
Description: | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5910 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22270 | |||
Oval ID: | oval:org.mitre.oval:def:22270 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JAXP) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0376 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22289 | |||
Oval ID: | oval:org.mitre.oval:def:22289 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: Networking) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0368 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22304 | |||
Oval ID: | oval:org.mitre.oval:def:22304 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65 and Java SE 7u45 component of Oracle Java SE (subcomponent: Serviceability) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to throwing of an incorrect exception when SnmpStatusException should have been used in the SNMP implementation, which allows attackers to escape the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0373 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22372 | |||
Oval ID: | oval:org.mitre.oval:def:22372 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45 and Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: CORBA) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5896 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22402 | |||
Oval ID: | oval:org.mitre.oval:def:22402 | ||
Title: | Vulnerability in Java SE 5.0u55, Java SE 6u65, Java SE 7u45, Java SE Embedded 7u45 component of Oracle Java SE (subcomponent: JNDI) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to missing package access checks in the Naming / JNDI component, which allows attackers to escape the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-0422 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23480 | |||
Oval ID: | oval:org.mitre.oval:def:23480 | ||
Title: | ELSA-2014:0027: java-1.7.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0027-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 61 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23883 | |||
Oval ID: | oval:org.mitre.oval:def:23883 | ||
Title: | ELSA-2014:0026: java-1.7.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0026-00 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 61 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24188 | |||
Oval ID: | oval:org.mitre.oval:def:24188 | ||
Title: | ELSA-2014:0136: java-1.5.0-ibm security update (Important) | ||
Description: | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014:0136-00 CVE-2013-5907 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 45 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25326 | |||
Oval ID: | oval:org.mitre.oval:def:25326 | ||
Title: | SUSE-SU-2014:0246-1 -- Security update for IBM Java | ||
Description: | This update contains the Oracle January 14 2014 CPU for java-1_7_0-ibm. Find more information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_Ja nuary_14_2014_CPU <http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_J anuary_14_2014_CPU> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0246-1 CVE-2014-0428 CVE-2014-0422 CVE-2013-5907 CVE-2014-0415 CVE-2014-0410 CVE-2013-5889 CVE-2014-0417 CVE-2014-0387 CVE-2014-0424 CVE-2013-5878 CVE-2014-0373 CVE-2014-0375 CVE-2014-0403 CVE-2014-0423 CVE-2014-0376 CVE-2013-5910 CVE-2013-5884 CVE-2013-5896 CVE-2013-5899 CVE-2014-0416 CVE-2013-5887 CVE-2014-0368 CVE-2013-5888 CVE-2013-5898 CVE-2014-0411 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | IBM Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25455 | |||
Oval ID: | oval:org.mitre.oval:def:25455 | ||
Title: | SUSE-SU-2014:0215-1 -- Security update for openjdk | ||
Description: | This openjdk update fixes several security issues. For a complete list of fixed vulnerabilities and their description please refer to: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-J anuary/025800.html <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014- January/025800.html> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0215-1 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | openjdk |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27081 | |||
Oval ID: | oval:org.mitre.oval:def:27081 | ||
Title: | DEPRECATED: ELSA-2014-0027 -- java-1.7.0-openjdk security update (important) | ||
Description: | [1.7.0.51-2.4.4.1.0.1.el5_10] - Add oracle-enterprise.patch - Fix DISTRO_NAME to 'Enterprise Linux' [1.7.0.51-2.4.4.1.el5] - updated to security icedtea 2.4.4 - icedtea_version set to 2.4.4 - updatever bumped to 51 - release reset to 1 - build requires: java-devel >= 1:1.6.0 changed java7-devel - Resolves: rhbz#1050192 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0027 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27206 | |||
Oval ID: | oval:org.mitre.oval:def:27206 | ||
Title: | DEPRECATED: ELSA-2014-0026 -- java-1.7.0-openjdk security update (critical) | ||
Description: | [1.7.0.51-2.4.4.1.0.1.el6_5] - Update DISTRO_NAME in specfile [1.7.0.51-2.4.4.1.el6] - restored java7 provides - bumped release (builds exists) - Resolves: rhbz#1050935 [1.7.0.51-2.4.4.0.el6] - updated to security icedtea 2.4.4 - icedtea_version set to 2.4.4 - updatever bumped to 51 - release reset to 0 - sync with fedora - added and applied patch411 1029588.patch (rh 1029588) - added aand applied patch410, 1015432 (rh 1015432) - Resolves: rhbz#1050935 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0026 CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27408 | |||
Oval ID: | oval:org.mitre.oval:def:27408 | ||
Title: | DEPRECATED: ELSA-2014-0097 -- java-1.6.0-openjdk security update (important) | ||
Description: | [1:1.6.0.1-3.1.13.0] - updated to icedtea 1.13.1 - http://blog.fuseyism.com/index.php/2014/01/23/security-icedtea-1-12-8-1-13-1-for-openjdk-6-released/ - updated to jdk6, b30, 21_jan_2014 - https://openjdk6.java.net/OpenJDK6-B30-Changes.html - adapted patch7 1.13_fixes.patch - pre 2011 changelog moved to (till now wrong) pre-2009-spec-changelog (rh1043611) - added --disable-system-lcms to configure options to pass build - adapted patch3 java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#1050190 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-0097 CVE-2013-5878 CVE-2013-5884 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 3 | |
Application | 2 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-01-16 | IAVM : 2014-A-0010 - Multiple Vulnerabilities in Oracle Java SE Severity : Category I - VMSKEY : V0043398 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-09-08 | Oracle Java VersionHelper loadClass sandbox bypass attempt RuleID : 35469 - Revision : 2 - Type : FILE-JAVA |
2015-09-08 | Oracle Java VersionHelper loadClass sandbox bypass attempt RuleID : 35468 - Revision : 3 - Type : FILE-JAVA |
2015-09-08 | Oracle Java VersionHelper loadClass sandbox bypass attempt RuleID : 35467 - Revision : 3 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-10-13 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17381.nasl - Type : ACT_GATHER_INFO |
2014-12-22 | Name : The remote device is affected by multiple vulnerabilities. File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0982.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0414.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
2014-07-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0705.nasl - Type : ACT_GATHER_INFO |
2014-07-28 | Name : The remote AIX host has a version of Java SDK installed that is potentially a... File : aix_java_jan2014_advisory.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-96.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-95.nasl - Type : ACT_GATHER_INFO |
2014-06-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140514.nasl - Type : ACT_GATHER_INFO |
2014-06-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140515.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1_fp1.nasl - Type : ACT_GATHER_INFO |
2014-04-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2124-2.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2124-1.nasl - Type : ACT_GATHER_INFO |
2014-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-140213.nasl - Type : ACT_GATHER_INFO |
2014-02-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-140206.nasl - Type : ACT_GATHER_INFO |
2014-02-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-openjdk-140205.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-283.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-280.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0136.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0135.nasl - Type : ACT_GATHER_INFO |
2014-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0134.nasl - Type : ACT_GATHER_INFO |
2014-01-28 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0097.nasl - Type : ACT_GATHER_INFO |
2014-01-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0097.nasl - Type : ACT_GATHER_INFO |
2014-01-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0097.nasl - Type : ACT_GATHER_INFO |
2014-01-28 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140127_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
2014-01-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2089-1.nasl - Type : ACT_GATHER_INFO |
2014-01-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-011.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140115_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0030.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140115_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0027.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0026.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0027.nasl - Type : ACT_GATHER_INFO |
2014-01-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0026.nasl - Type : ACT_GATHER_INFO |
2014-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0027.nasl - Type : ACT_GATHER_INFO |
2014-01-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0026.nasl - Type : ACT_GATHER_INFO |
2014-01-15 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_jan_2014_unix.nasl - Type : ACT_GATHER_INFO |
2014-01-15 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_jan_2014.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-06-21 09:30:32 |
|
2014-04-09 13:22:26 |
|
2014-03-01 13:21:00 |
|
2014-02-28 00:18:33 |
|