Vulnerabilities > CVE-2013-5456 - Unspecified vulnerability in IBM Java 7.0.0.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ibm
nessus
Summary
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1378-1.NASL description This IBM Java 1.7.0 SR9 FP40 release fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91308 published 2016-05-24 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91308 title SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:1378-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1378-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(91308); script_version("2.8"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2013-3009", "CVE-2013-5456", "CVE-2016-0264", "CVE-2016-0363", "CVE-2016-0376", "CVE-2016-0686", "CVE-2016-0687", "CVE-2016-3422", "CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3443", "CVE-2016-3449"); script_bugtraq_id(61308, 63618); script_name(english:"SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:1378-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This IBM Java 1.7.0 SR9 FP40 release fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977646" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977650" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=979252" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0264/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0363/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0376/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0686/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0687/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3422/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3426/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3427/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3443/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3449/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161378-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?28e464f8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE OpenStack Cloud 5 : zypper in -t patch sleclo50sp3-java-1_7_0-ibm-12571=1 SUSE Manager Proxy 2.1 : zypper in -t patch slemap21-java-1_7_0-ibm-12571=1 SUSE Manager 2.1 : zypper in -t patch sleman21-java-1_7_0-ibm-12571=1 SUSE Linux Enterprise Server 11-SP3-LTSS : zypper in -t patch slessp3-java-1_7_0-ibm-12571=1 SUSE Linux Enterprise Server 11-SP2-LTSS : zypper in -t patch slessp2-java-1_7_0-ibm-12571=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-alsa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_7_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_7_0-ibm-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", reference:"java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"java-1_7_0-ibm-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"java-1_7_0-ibm-devel-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"java-1_7_0-ibm-jdbc-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"java-1_7_0-ibm-alsa-1.7.0_sr9.40-52.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"i586", reference:"java-1_7_0-ibm-plugin-1.7.0_sr9.40-52.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_7_0-ibm"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1303-1.NASL description This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-24 modified 2019-01-02 plugin id 119977 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119977 title SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1303-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1303-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(119977); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23"); script_cve_id("CVE-2013-3009", "CVE-2013-5456", "CVE-2016-0264", "CVE-2016-0363", "CVE-2016-0376", "CVE-2016-0686", "CVE-2016-0687", "CVE-2016-3422", "CVE-2016-3426", "CVE-2016-3427", "CVE-2016-3443", "CVE-2016-3449"); script_bugtraq_id(61308, 63618); script_name(english:"SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1303-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977646" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977648" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=977650" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=979252" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0264/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0363/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0376/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0686/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0687/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3422/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3426/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3427/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3443/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3449/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161303-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ee7a9c4c" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Legacy Software 12 : zypper in -t patch SUSE-SLE-Module-Legacy-12-2016-771=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:java-1_6_0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/23"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"java-1_6_0-ibm-plugin-1.6.0_sr16.25-34.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-1.6.0_sr16.25-34.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-fonts-1.6.0_sr16.25-34.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"java-1_6_0-ibm-jdbc-1.6.0_sr16.25-34.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1_6_0-ibm"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1300-1.NASL description This IBM Java 1.7.1 SR3 FP40 relese fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91161 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91161 title SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:1300-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1388-1.NASL description This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91319 published 2016-05-25 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91319 title SUSE SLES10 Security Update : IBM Java 1.6.0 (SUSE-SU-2016:1388-1) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-131114.NASL description IBM Java 6 SR15 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-05 modified 2013-11-19 plugin id 70960 published 2013-11-19 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70960 title SuSE 11.2 / 11.3 Security Update : IBM Java 6 (SAT Patch Numbers 8549 / 8550) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-IBM-131119.NASL description IBM Java 7 SR6 has been released and fixes lots of bugs and security issues. More information can be found on: http://www.ibm.com/developerworks/java/jdk/alerts/ last seen 2020-06-05 modified 2013-11-21 plugin id 71020 published 2013-11-21 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71020 title SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1507.NASL description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-3829, CVE-2013-4041, CVE-2013-5372, CVE-2013-5375, CVE-2013-5456, CVE-2013-5457, CVE-2013-5458, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5788, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 70791 published 2013-11-08 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70791 title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1379-1.NASL description This IBM Java 1.6.0 SR16 FP25 release fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91309 published 2016-05-24 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91309 title SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1379-1) NASL family Misc. NASL id DOMINO_9_0_1_FP1.NASL description According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure last seen 2020-06-01 modified 2020-06-02 plugin id 73968 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73968 title IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check) NASL family Windows NASL id LOTUS_NOTES_9_0_1_FP1.NASL description The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. last seen 2020-06-01 modified 2020-06-02 plugin id 73970 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73970 title IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities NASL family Windows NASL id LOTUS_DOMINO_9_0_1_FP1.NASL description The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. last seen 2020-06-01 modified 2020-06-02 plugin id 73969 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73969 title IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1299-1.NASL description This IBM Java 1.7.1 SR3 FP40 release fixes the following issues : Security issues fixed : - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM (bsc#977648) - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix (bsc#977650) - CVE-2016-0376: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix (bsc#977646) - The following CVEs got also fixed during this update. (bsc#979252) CVE-2016-3443, CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-3449, CVE-2016-3422, CVE-2016-3426 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 91160 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91160 title SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:1299-1)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://rhn.redhat.com/errata/RHSA-2013-1507.html
- http://secunia.com/advisories/56338
- http://secunia.com/advisories/56338
- http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf
- http://www.security-explorations.com/materials/SE-2012-01-IBM-3.pdf
- http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
- http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV51329
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV51329
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www-01.ibm.com/support/docview.wss?uid=swg21655201
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202
- http://www-01.ibm.com/support/docview.wss?uid=swg21655202
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/88255
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013
- https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013