Vulnerabilities > CVE-2013-2440

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
oracle
sun
critical
nessus

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.

Vulnerable Configurations

Part Description Count
Application
Oracle
68
Application
Sun
42

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0757.NASL
    descriptionUpdated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 21 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66029
    published2013-04-19
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66029
    titleRHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0757)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:0757. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66029);
      script_version("1.22");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-0401", "CVE-2013-0402", "CVE-2013-1488", "CVE-2013-1491", "CVE-2013-1518", "CVE-2013-1537", "CVE-2013-1540", "CVE-2013-1557", "CVE-2013-1558", "CVE-2013-1561", "CVE-2013-1563", "CVE-2013-1564", "CVE-2013-1569", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2394", "CVE-2013-2414", "CVE-2013-2415", "CVE-2013-2416", "CVE-2013-2417", "CVE-2013-2418", "CVE-2013-2419", "CVE-2013-2420", "CVE-2013-2421", "CVE-2013-2422", "CVE-2013-2423", "CVE-2013-2424", "CVE-2013-2425", "CVE-2013-2426", "CVE-2013-2427", "CVE-2013-2428", "CVE-2013-2429", "CVE-2013-2430", "CVE-2013-2431", "CVE-2013-2432", "CVE-2013-2433", "CVE-2013-2434", "CVE-2013-2435", "CVE-2013-2436", "CVE-2013-2438", "CVE-2013-2439", "CVE-2013-2440");
      script_bugtraq_id(58397, 58493, 58504, 58507, 59088, 59089, 59124, 59128, 59131, 59137, 59141, 59145, 59149, 59153, 59154, 59159, 59162, 59165, 59166, 59167, 59170, 59172, 59175, 59178, 59179, 59184, 59185, 59187, 59190, 59191, 59194, 59195, 59203, 59206, 59208, 59212, 59213, 59219, 59220, 59228, 59234, 59243);
      script_xref(name:"RHSA", value:"2013:0757");
    
      script_name(english:"RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0757)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated java-1.7.0-oracle packages that fix several security issues
    are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
    
    The Red Hat Security Response Team has rated this update as having
    critical security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Oracle Java SE version 7 includes the Oracle Java Runtime Environment
    and the Oracle Java Software Development Kit.
    
    This update fixes several vulnerabilities in the Oracle Java Runtime
    Environment and the Oracle Java Software Development Kit. Further
    information about these flaws can be found on the Oracle Java SE
    Critical Patch Update Advisory page, listed in the References section.
    (CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491,
    CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,
    CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564,
    CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,
    CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417,
    CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421,
    CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,
    CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429,
    CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433,
    CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438,
    CVE-2013-2439, CVE-2013-2440)
    
    All users of java-1.7.0-oracle are advised to upgrade to these updated
    packages, which provide Oracle Java 7 Update 21 and resolve these
    issues. All running instances of Oracle Java must be restarted for the
    update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-0401.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-0402.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1488.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1491.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1518.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1537.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1540.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1557.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1558.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1561.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1563.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1564.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-1569.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2384.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2394.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2414.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2415.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2416.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2417.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2418.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2419.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2420.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2421.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2422.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2423.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2424.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2425.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2426.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2427.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2428.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2429.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2430.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2431.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2432.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2433.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2434.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2435.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2436.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2438.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2439.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.redhat.com/security/data/cve/CVE-2013-2440.html"
      );
      # http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4b0871bd"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://rhn.redhat.com/errata/RHSA-2013-0757.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java Applet Reflection Type Confusion Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    flag = 0;
    if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el5")) flag++;
    if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el5")) flag++;
    
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6")) flag++;
    
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"java-1.7.0-oracle-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"java-1.7.0-oracle-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"java-1.7.0-oracle-devel-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"java-1.7.0-oracle-javafx-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"java-1.7.0-oracle-jdbc-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"java-1.7.0-oracle-plugin-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6")) flag++;
    if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"java-1.7.0-oracle-src-1.7.0.21-1jpp.1.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idLOTUS_DOMINO_8_5_3_FP5.NASL
    descriptionThe remote host has a version of IBM Domino (formerly Lotus Domino) 8.5.x prior to 8.5.3 Fix Pack 5 installed. It is, therefore, reportedly affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of the IBM JRE that contains numerous security issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436, CVE-2013-2455, CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, CVE-2013-3012) - Note also that fixes in the Oracle Java CPUs for February, April and June 2013 are included in the fixed IBM Java release, which is itself included in the fixed IBM Domino release. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0401, CVE-2013-0402, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1488, CVE-2013-1489, CVE-2013-1491, CVE-2013-1500, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2437, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)
    last seen2020-06-01
    modified2020-06-02
    plugin id70743
    published2013-11-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70743
    titleIBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70743);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2012-1541",
        "CVE-2012-3213",
        "CVE-2012-3342",
        "CVE-2013-0351",
        "CVE-2013-0401",
        "CVE-2013-0402",
        "CVE-2013-0409",
        "CVE-2013-0419",
        "CVE-2013-0423",
        "CVE-2013-0424",
        "CVE-2013-0425",
        "CVE-2013-0426",
        "CVE-2013-0427",
        "CVE-2013-0428",
        "CVE-2013-0429",
        "CVE-2013-0430",
        "CVE-2013-0431",
        "CVE-2013-0432",
        "CVE-2013-0433",
        "CVE-2013-0434",
        "CVE-2013-0435",
        "CVE-2013-0437",
        "CVE-2013-0438",
        "CVE-2013-0440",
        "CVE-2013-0441",
        "CVE-2013-0442",
        "CVE-2013-0443",
        "CVE-2013-0444",
        "CVE-2013-0445",
        "CVE-2013-0446",
        "CVE-2013-0448",
        "CVE-2013-0449",
        "CVE-2013-0450",
        "CVE-2013-0809",
        "CVE-2013-1473",
        "CVE-2013-1475",
        "CVE-2013-1476",
        "CVE-2013-1478",
        "CVE-2013-1479",
        "CVE-2013-1480",
        "CVE-2013-1481",
        "CVE-2013-1488",
        "CVE-2013-1489",
        "CVE-2013-1491",
        "CVE-2013-1493",
        "CVE-2013-1500",
        "CVE-2013-1518",
        "CVE-2013-1537",
        "CVE-2013-1540",
        "CVE-2013-1557",
        "CVE-2013-1558",
        "CVE-2013-1561",
        "CVE-2013-1563",
        "CVE-2013-1564",
        "CVE-2013-1569",
        "CVE-2013-1571",
        "CVE-2013-2383",
        "CVE-2013-2384",
        "CVE-2013-2394",
        "CVE-2013-2400",
        "CVE-2013-2407",
        "CVE-2013-2412",
        "CVE-2013-2414",
        "CVE-2013-2415",
        "CVE-2013-2416",
        "CVE-2013-2417",
        "CVE-2013-2418",
        "CVE-2013-2419",
        "CVE-2013-2420",
        "CVE-2013-2421",
        "CVE-2013-2422",
        "CVE-2013-2423",
        "CVE-2013-2424",
        "CVE-2013-2425",
        "CVE-2013-2426",
        "CVE-2013-2427",
        "CVE-2013-2428",
        "CVE-2013-2429",
        "CVE-2013-2430",
        "CVE-2013-2431",
        "CVE-2013-2432",
        "CVE-2013-2433",
        "CVE-2013-2434",
        "CVE-2013-2435",
        "CVE-2013-2436",
        "CVE-2013-2437",
        "CVE-2013-2438",
        "CVE-2013-2439",
        "CVE-2013-2440",
        "CVE-2013-2442",
        "CVE-2013-2443",
        "CVE-2013-2444",
        "CVE-2013-2445",
        "CVE-2013-2446",
        "CVE-2013-2447",
        "CVE-2013-2448",
        "CVE-2013-2449",
        "CVE-2013-2450",
        "CVE-2013-2451",
        "CVE-2013-2452",
        "CVE-2013-2453",
        "CVE-2013-2454",
        "CVE-2013-2455",
        "CVE-2013-2456",
        "CVE-2013-2457",
        "CVE-2013-2458",
        "CVE-2013-2459",
        "CVE-2013-2460",
        "CVE-2013-2461",
        "CVE-2013-2462",
        "CVE-2013-2463",
        "CVE-2013-2464",
        "CVE-2013-2465",
        "CVE-2013-2466",
        "CVE-2013-2467",
        "CVE-2013-2468",
        "CVE-2013-2469",
        "CVE-2013-2470",
        "CVE-2013-2471",
        "CVE-2013-2472",
        "CVE-2013-2473",
        "CVE-2013-3006",
        "CVE-2013-3007",
        "CVE-2013-3008",
        "CVE-2013-3009",
        "CVE-2013-3010",
        "CVE-2013-3011",
        "CVE-2013-3012",
        "CVE-2013-3743",
        "CVE-2013-3744",
        "CVE-2013-4002"
      );
      script_bugtraq_id(
        57681,
        57686,
        57687,
        57689,
        57691,
        57692,
        57694,
        57696,
        57697,
        57699,
        57700,
        57701,
        57702,
        57703,
        57704,
        57706,
        57707,
        57708,
        57709,
        57710,
        57711,
        57712,
        57713,
        57714,
        57715,
        57716,
        57717,
        57718,
        57719,
        57720,
        57722,
        57723,
        57724,
        57726,
        57727,
        57728,
        57729,
        57730,
        57731,
        58238,
        58296,
        58397,
        58493,
        58504,
        58507,
        59088,
        59089,
        59124,
        59128,
        59131,
        59137,
        59141,
        59145,
        59149,
        59153,
        59154,
        59159,
        59162,
        59165,
        59166,
        59167,
        59170,
        59172,
        59175,
        59178,
        59179,
        59184,
        59185,
        59187,
        59190,
        59191,
        59194,
        59195,
        59203,
        59206,
        59208,
        59212,
        59213,
        59219,
        59220,
        59228,
        59234,
        59243,
        60617,
        60618,
        60619,
        60620,
        60621,
        60622,
        60623,
        60624,
        60625,
        60626,
        60627,
        60629,
        60630,
        60631,
        60632,
        60633,
        60634,
        60635,
        60636,
        60637,
        60638,
        60639,
        60640,
        60641,
        60643,
        60644,
        60645,
        60646,
        60647,
        60649,
        60650,
        60651,
        60652,
        60653,
        60654,
        60655,
        60656,
        60657,
        60658,
        60659,
        61302,
        61306,
        61307,
        61308,
        61310,
        61311,
        61312,
        61313
      );
    
      script_name(english:"IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities");
      script_summary(english:"Checks version of IBM Domino");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host has software installed that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host has a version of IBM Domino (formerly Lotus Domino)
    8.5.x prior to 8.5.3 Fix Pack 5 installed.  It is, therefore,
    reportedly affected by the following vulnerabilities :
    
      - The included version of the IBM Java SDK contains a
        version of the IBM JRE that contains numerous security
        issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,
        CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,
        CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,
        CVE-2013-3011, CVE-2013-3012)
    
      - Note also that fixes in the Oracle Java CPUs for
        February, April and June 2013 are included in the
        fixed IBM Java release, which is itself included
        in the fixed IBM Domino release.
        (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,
        CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,
        CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
        CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,
        CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,
        CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,
        CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,
        CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,
        CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,
        CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,
        CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,
        CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,
        CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,
        CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,
        CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,
        CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,
        CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,
        CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,
        CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,
        CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,
        CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,
        CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,
        CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,
        CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,
        CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,
        CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,
        CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,
        CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,
        CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,
        CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,
        CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,
        CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,
        CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,
        CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,
        CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,
        CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,
        CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,
        CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,
        CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,
        CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24032242#FP5");
      # http://www-10.lotus.com/ldd/fixlist.nsf/8d1c0550e6242b69852570c900549a74/a3940c755daf3a2885257bbf00502b5f?OpenDocument
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9dfc0b6");
      # http://www-10.lotus.com/ldd/fixlist.nsf/8d1c0550e6242b69852570c900549a74/a3940c755daf3a2885257bbf00502b5f?OpenDocument
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f9dfc0b6");
      script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21644918");
      # https://www.ibm.com/blogs/psirt/security-bulletin-ibm-notes-domino-fixes-for-multiple-vulnerabilities-in-ibm-jre-4/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?151b7e2b");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM Domino 8.5.3 Fix Pack 5 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2473");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Java storeImageArray() Invalid Array Indexing Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:lotus_domino");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("lotus_domino_installed.nasl");
      script_require_keys("SMB/Domino/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    appname = "IBM Domino";
    kb_base = "SMB/Domino/";
    
    port = get_kb_item('SMB/transport');
    if (isnull(port)) port = 445;
    version = get_kb_item_or_exit(kb_base + 'Version');
    path = get_kb_item_or_exit(kb_base + 'Path');
    
    fix = '8.5.35.13212';
    lower_cutoff = '8.5.0.0';
    
    if (
      ver_compare(ver:version, fix:lower_cutoff, strict:FALSE) >= 0
      &&
      ver_compare(ver:version, fix:fix, strict:FALSE) < 0
    )
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix + ' (8.5.3 FP5)' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
    
  • NASL familyWindows
    NASL idORACLE_JAVA_CPU_APR_2013.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than or equal to 7 Update 17, 6 Update 43 or 5 Update 41. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Beans - Deployment - HotSpot - ImageIO - Install - JavaFX - JAXP - JAX-WS - JMX - Libraries - Networking - RMI
    last seen2020-06-01
    modified2020-06-02
    plugin id65995
    published2013-04-17
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65995
    titleOracle Java SE Multiple Vulnerabilities (April 2013 CPU)
  • NASL familyMisc.
    NASL idORACLE_JAVA_CPU_APR_2013_UNIX.NASL
    descriptionThe version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than or equal to 7 Update 17, 6 Update 43 or 5 Update 41. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - Beans - Deployment - HotSpot - ImageIO - Install - JavaFX - JAXP - JAX-WS - JMX - Libraries - Networking - RMI
    last seen2020-06-01
    modified2020-06-02
    plugin id65996
    published2013-04-17
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65996
    titleOracle Java SE Multiple Vulnerabilities (April 2013 CPU) (Unix)
  • NASL familyMisc.
    NASL idDOMINO_9_0_1.NASL
    descriptionAccording to its banner, the version of IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x earlier than 9.0.1. It is, therefore, affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of IBM JRE that contains numerous security issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436, CVE-2013-2455, CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, CVE-2013-3012) - An input validation error exists related to handling content in email messages that could allow cross-site scripting attacks. (CVE-2013-4063) - An input validation error exists related to iNotes when running in
    last seen2020-06-01
    modified2020-06-02
    plugin id71859
    published2014-01-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71859
    titleIBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)
  • NASL familyWindows
    NASL idLOTUS_DOMINO_9_0_1.NASL
    descriptionThe remote host has a version of IBM Domino (formerly Lotus Domino) 9.x prior to 9.0.1 installed. It is, therefore, reportedly affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of IBM JRE that contains numerous security issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436, CVE-2013-2455, CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, CVE-2013-3012) - An input validation error exists related to handling content in email messages that could allow cross-site scripting attacks. (CVE-2013-4063) - An input validation error exists related to iNotes when running in
    last seen2020-06-01
    modified2020-06-02
    plugin id71861
    published2014-01-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71861
    titleIBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_10_6_UPDATE15.NASL
    descriptionThe remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 15, which updates the Java version to 1.6.0_45. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2020-06-01
    modified2020-06-02
    plugin id65998
    published2013-04-17
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65998
    titleMac OS X : Java for Mac OS X 10.6 Update 15
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0758.NASL
    descriptionUpdated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-0401, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2439, CVE-2013-2440) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 45. All running instances of Oracle Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66030
    published2013-04-19
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66030
    titleRHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0758)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_6_0-IBM-130517.NASL
    descriptionIBM Java 1.6.0 has been updated to SR13-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-05
    modified2013-05-28
    plugin id66616
    published2013-05-28
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66616
    titleSuSE 11.2 / 11.3 Security Update : IBM Java (SAT Patch Numbers 7744 / 7920)
  • NASL familyMisc.
    NASL idDOMINO_8_5_3FP5.NASL
    descriptionAccording to its banner, the version of IBM Domino (formerly IBM Lotus Domino) on the remote host is 8.5.x earlier than 8.5.3 FP5. It is, therefore, affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of the IBM JRE that contains numerous security issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436, CVE-2013-2455, CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, CVE-2013-3012) - Note also that fixes in the Oracle Java CPUs for February, April and June 2013 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0401, CVE-2013-0402, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1488, CVE-2013-1489, CVE-2013-1491, CVE-2013-1500, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2437, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)
    last seen2020-06-01
    modified2020-06-02
    plugin id70742
    published2013-11-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70742
    titleIBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0822.NASL
    descriptionUpdated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66439
    published2013-05-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66439
    titleRHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0822)
  • NASL familyWindows
    NASL idLOTUS_NOTES_8_5_3_FP5.NASL
    descriptionThe remote host has a version of IBM Notes (formerly Lotus Notes) 8.5.x prior to 8.5.3 Fix Pack 5 installed. It is, therefore, reportedly affected by the following vulnerabilities : - The included version of the IBM Java SDK contains a version of the IBM JRE that contains numerous security issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436, CVE-2013-2455, CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, CVE-2013-3012) - Note also that fixes in the Oracle Java CPUs for February, April and June 2013 are included in the fixed IBM Java release, which is included in the fixed IBM Notes release. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0401, CVE-2013-0402, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1488, CVE-2013-1489, CVE-2013-1491, CVE-2013-1500, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2437, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)
    last seen2020-06-01
    modified2020-06-02
    plugin id70744
    published2013-11-04
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70744
    titleIBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-30.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72139
    published2014-01-27
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72139
    titleGLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-8593.NASL
    descriptionIBM Java 1.5.0 has been updated to SR13-FP2 which fixes several bugs and security issues. For more details see : http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-05
    modified2013-06-11
    plugin id66857
    published2013-06-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66857
    titleSuSE 10 Security Update : Java 1.5.0 (ZYPP Patch Number 8593)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_JAVA-1_7_0-IBM-130529.NASL
    descriptionIBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs and security issues. http://www.ibm.com/developerworks/java/jdk/alerts/
    last seen2020-06-05
    modified2013-06-11
    plugin id66855
    published2013-06-11
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66855
    titleSuSE 11.2 / 11.3 Security Update : IBM Java 1.7.0 / IBM Java (SAT Patch Numbers 7794 / 7921)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1456.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id78976
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78976
    titleRHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_6_0-IBM-8582.NASL
    descriptionIBM Java 1.6.0 has been updated to SR13-FP2 fixing bugs and security issues. [http://www.ibm.com/developerworks/java/jdk/alerts/)(http://www.ibm.co m/developerworks/java/jdk/alerts/)
    last seen2020-06-05
    modified2013-05-28
    plugin id66618
    published2013-05-28
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66618
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 8582)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_2013-003.NASL
    descriptionThe remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2013-003 update, which updates the Java version to 1.6.0_45. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the Java sandbox.
    last seen2020-06-01
    modified2020-06-02
    plugin id65999
    published2013-04-17
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65999
    titleMac OS X : Java for OS X 2013-003
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0823.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2440) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR13-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id66440
    published2013-05-15
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66440
    titleRHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0823)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1455.NASL
    descriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743) Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted (
    last seen2020-06-01
    modified2020-06-02
    plugin id78975
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78975
    titleRHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)

Oval

  • accepted2013-06-03T04:03:17.725-04:00
    classvulnerability
    contributors
    nameSergey Artykhov
    organizationALTX-SOFT
    definition_extensions
    • commentJava SE Runtime Environment 6 is installed
      ovaloval:org.mitre.oval:def:16362
    • commentJava SE Runtime Environment 7 is installed
      ovaloval:org.mitre.oval:def:16050
    descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
    familywindows
    idoval:org.mitre.oval:def:16586
    statusaccepted
    submitted2013-04-17T10:26:26.748+04:00
    titleVulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before, 6 Update 43 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
    version5
  • accepted2015-04-20T04:01:15.520-04:00
    classvulnerability
    contributors
    • nameGanesh Manal
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
    familyunix
    idoval:org.mitre.oval:def:19417
    statusaccepted
    submitted2013-11-22T11:43:28.000-05:00
    titleHP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version51

Redhat

advisories
  • rhsa
    idRHSA-2013:0757
  • rhsa
    idRHSA-2013:0758
  • rhsa
    idRHSA-2013:1455
  • rhsa
    idRHSA-2013:1456
rpms
  • java-1.7.0-oracle-1:1.7.0.21-1jpp.1.el5
  • java-1.7.0-oracle-1:1.7.0.21-1jpp.1.el6
  • java-1.7.0-oracle-devel-1:1.7.0.21-1jpp.1.el5
  • java-1.7.0-oracle-devel-1:1.7.0.21-1jpp.1.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.21-1jpp.1.el5
  • java-1.7.0-oracle-javafx-1:1.7.0.21-1jpp.1.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.21-1jpp.1.el5
  • java-1.7.0-oracle-jdbc-1:1.7.0.21-1jpp.1.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.21-1jpp.1.el5
  • java-1.7.0-oracle-plugin-1:1.7.0.21-1jpp.1.el6
  • java-1.7.0-oracle-src-1:1.7.0.21-1jpp.1.el5
  • java-1.7.0-oracle-src-1:1.7.0.21-1jpp.1.el6
  • java-1.6.0-sun-1:1.6.0.45-1jpp.1.el5_9
  • java-1.6.0-sun-1:1.6.0.45-1jpp.1.el6
  • java-1.6.0-sun-demo-1:1.6.0.45-1jpp.1.el5_9
  • java-1.6.0-sun-demo-1:1.6.0.45-1jpp.1.el6
  • java-1.6.0-sun-devel-1:1.6.0.45-1jpp.1.el5_9
  • java-1.6.0-sun-devel-1:1.6.0.45-1jpp.1.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.45-1jpp.1.el5_9
  • java-1.6.0-sun-jdbc-1:1.6.0.45-1jpp.1.el6
  • java-1.6.0-sun-plugin-1:1.6.0.45-1jpp.1.el5_9
  • java-1.6.0-sun-plugin-1:1.6.0.45-1jpp.1.el6
  • java-1.6.0-sun-src-1:1.6.0.45-1jpp.1.el5_9
  • java-1.6.0-sun-src-1:1.6.0.45-1jpp.1.el6
  • java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el5_9
  • java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el6_4
  • java-1.7.0-ibm-demo-1:1.7.0.4.2-1jpp.1.el5_9
  • java-1.7.0-ibm-demo-1:1.7.0.4.2-1jpp.1.el6_4
  • java-1.7.0-ibm-devel-1:1.7.0.4.2-1jpp.1.el5_9
  • java-1.7.0-ibm-devel-1:1.7.0.4.2-1jpp.1.el6_4
  • java-1.7.0-ibm-jdbc-1:1.7.0.4.2-1jpp.1.el5_9
  • java-1.7.0-ibm-jdbc-1:1.7.0.4.2-1jpp.1.el6_4
  • java-1.7.0-ibm-plugin-1:1.7.0.4.2-1jpp.1.el5_9
  • java-1.7.0-ibm-plugin-1:1.7.0.4.2-1jpp.1.el6_4
  • java-1.7.0-ibm-src-1:1.7.0.4.2-1jpp.1.el5_9
  • java-1.7.0-ibm-src-1:1.7.0.4.2-1jpp.1.el6_4
  • java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-accessibility-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-demo-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-demo-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-javacomm-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-javacomm-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-jdbc-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-jdbc-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-plugin-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-plugin-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-src-1:1.6.0.13.2-1jpp.1.el5_9
  • java-1.6.0-ibm-src-1:1.6.0.13.2-1jpp.1.el6_4
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el5_9
  • java-1.6.0-ibm-devel-1:1.6.0.14.0-1jpp.1.el6_4