Vulnerabilities > CVE-2014-0375 - Unspecified vulnerability in Oracle JDK and JRE
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0134.NASL description Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6-FP1 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 72319 published 2014-02-05 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72319 title RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0134) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0134. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(72319); script_version("1.18"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-4578", "CVE-2013-5878", "CVE-2013-5884", "CVE-2013-5887", "CVE-2013-5888", "CVE-2013-5889", "CVE-2013-5896", "CVE-2013-5898", "CVE-2013-5899", "CVE-2013-5907", "CVE-2013-5910", "CVE-2014-0368", "CVE-2014-0373", "CVE-2014-0375", "CVE-2014-0376", "CVE-2014-0387", "CVE-2014-0403", "CVE-2014-0410", "CVE-2014-0411", "CVE-2014-0415", "CVE-2014-0416", "CVE-2014-0417", "CVE-2014-0422", "CVE-2014-0423", "CVE-2014-0424", "CVE-2014-0428"); script_bugtraq_id(64875, 64882, 64894, 64899, 64907, 64912, 64914, 64915, 64916, 64918, 64919, 64920, 64921, 64922, 64924, 64925, 64926, 64927, 64928, 64930, 64931, 64932, 64933, 64935, 64937); script_xref(name:"RHSA", value:"2014:0134"); script_name(english:"RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0134)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428) All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR6-FP1 release. All running instances of IBM Java must be restarted for the update to take effect." ); # https://www.ibm.com/developerworks/java/jdk/alerts/ script_set_attribute( attribute:"see_also", value:"https://developer.ibm.com/javasdk/support/security-vulnerabilities/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0134" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0424" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5888" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5889" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5887" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0410" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0417" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0415" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5899" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5898" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0368" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0411" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5878" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5910" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0416" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0373" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5907" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5884" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-5896" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0428" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0422" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0376" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0423" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0375" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0387" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0403" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4578" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-ibm-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0134"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL5", reference:"java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.7.0-ibm / java-1.7.0-ibm-demo / java-1.7.0-ibm-devel / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-140213.NASL description IBM Java 6 was updated to version SR15-FP1 which received security and bug fixes. More information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2 014_CPU last seen 2020-06-05 modified 2014-02-25 plugin id 72681 published 2014-02-25 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72681 title SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 8896) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0135.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 6 SR15-FP1 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 72320 published 2014-02-05 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72320 title RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0135) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0030.NASL description Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428) All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 51 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 71987 published 2014-01-16 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71987 title RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0030) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0414.NASL description Updated java-1.6.0-sun packages that fix several security issues are now available for Oracle Java for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. [Updated 12th May 2014] The package list in this erratum has been updated to make the packages available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation x86_64 channels on the Red Hat Network. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory pages, listed in the References section. (CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 75 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79011 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79011 title RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414) NASL family AIX Local Security Checks NASL id AIX_JAVA_JAN2014_ADVISORY.NASL description The version of Java SDK installed on the remote host is potentially affected by the following vulnerabilities : - Vulnerabilities in Oracle Java allow a remote attacker to bypass security features through flaws in XML document parsing. (CVE-2013-5878, CVE-2013-5910) - An information disclosure flaw in Oracle Java allows a remote attacker access to sensitive information through a flaw in the COBRA component. (CVE-2013-5884) - A vulnerability in Oracle Java allows a remote attacker to conduct a denial of service attack through a flaw in the Deployment component. (CVE-2013-5887) - Unspecified vulnerabilities exist in Oracle Java due to flaws in the Deployment component. (CVE-2013-5888, CVE-2013-5898, CVE-2013-5899, CVE-2014-0375, CVE-2014-0403, CVE-2014-0424) - Vulnerabilities in Oracle Java allow remote code execution through a flaw in the Deployment component. (CVE-2013-5889, CVE-2014-0387, CVE-2014-0410, CVE-2014-0415) - A vulnerability in Oracle Java allows a remote attacker to conduct a denial of service attack through a flaw in the COBRA component. (CVE-2013-5896) - A vulnerability in Oracle Java allows remote code execution through a flaw in the 2D component. (CVE-2013-5907) - An information disclosure and security bypass flaw exist in Oracle Java last seen 2020-06-01 modified 2020-06-02 plugin id 76871 published 2014-07-28 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76871 title AIX Java Advisory : java_jan2014_advisory.asc NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-30.NASL description The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72139 published 2014-01-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72139 title GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0705.NASL description Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) All users of java-1.7.1-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7R1 SR1 release. All running instances of IBM Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76900 published 2014-07-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76900 title RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_7_0-IBM-140206.NASL description This update contains the Oracle January 14 2014 CPU for java-1_7_0-ibm. Find more information at: http://www.ibm.com/developerworks/java/jdk/alerts/#Oracle_January_14_2 014_CPU last seen 2020-06-05 modified 2014-02-18 plugin id 72555 published 2014-02-18 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72555 title SuSE 11.3 Security Update : IBM Java (SAT Patch Number 8878) NASL family Windows NASL id ORACLE_JAVA_CPU_JAN_2014.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 51, 6 Update 71, or 5 Update 61. It is, therefore, potentially affected by security issues in the following components : - 2D - Beans - CORBA - Deployment - Hotspot - Install - JAAS - JavaFX - JAXP - JNDI - JSSE - Libraries - Networking - Security - Serviceability last seen 2020-06-01 modified 2020-06-02 plugin id 71966 published 2014-01-15 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71966 title Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) NASL family Misc. NASL id DOMINO_9_0_1_FP1.NASL description According to its version, the IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x prior to 9.0.1 Fix Pack 1 (FP1). It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure last seen 2020-06-01 modified 2020-06-02 plugin id 73968 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73968 title IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check) NASL family Windows NASL id LOTUS_NOTES_9_0_1_FP1.NASL description The remote host has a version of IBM Notes (formerly Lotus Notes) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. last seen 2020-06-01 modified 2020-06-02 plugin id 73970 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73970 title IBM Notes 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities NASL family Windows NASL id LOTUS_DOMINO_9_0_1_FP1.NASL description The remote host has a version of IBM Domino (formerly Lotus Domino) 8.0.x / 8.5.x / 9.0.x that is bundled with an IBM Java version prior to 1.6 SR15 FP1. It is, therefore, affected by the vulnerabilities mentioned in the Oracle Java Critical Patch Update advisories for October 2013 and January 2014. last seen 2020-06-01 modified 2020-06-02 plugin id 73969 published 2014-05-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73969 title IBM Domino 8.0.x / 8.5.x / 9.0.x with IBM Java < 1.6 SR15 FP1 Multiple Vulnerabilities (credentialed check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0982.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4, 5.5, and 5.6. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-0878, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) Users of Red Hat Network Satellite Server 5.4, 5.5, and 5.6 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 79039 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79039 title RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982) NASL family Misc. NASL id ORACLE_JAVA_CPU_JAN_2014_UNIX.NASL description The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 51, 6 Update 71, or 5 Update 61. It is, therefore, potentially affected by security issues in the following components : - 2D - Beans - CORBA - Deployment - Hotspot - Install - JAAS - JavaFX - JAXP - JNDI - JSSE - Libraries - Networking - Security - Serviceability last seen 2020-06-01 modified 2020-06-02 plugin id 71967 published 2014-01-15 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71967 title Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)
Redhat
advisories |
| ||||||||||||||||
rpms |
|
References
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/64758
- http://www.securitytracker.com/id/1029608
- http://osvdb.org/102007
- http://secunia.com/advisories/56485
- http://secunia.com/advisories/56535
- http://www.securityfocus.com/bid/64916
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html
- http://rhn.redhat.com/errata/RHSA-2014-0135.html
- http://rhn.redhat.com/errata/RHSA-2014-0030.html
- http://rhn.redhat.com/errata/RHSA-2014-0134.html
- http://marc.info/?l=bugtraq&m=139402697611681&w=2
- http://marc.info/?l=bugtraq&m=139402749111889&w=2
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90339
- https://access.redhat.com/errata/RHSA-2014:0414