ID

VAR-201302-0239


CVE

CVE-2013-0438


TITLE

Oracle Java contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#858729

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component. This vulnerability affects the following supported versions: 7 Update 11 and prior, 6 Update 38 and prior.

Note: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.

APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update 13

Java for OS X 2013-001 and Mac OS X v10.6 Update 13 is now available and addresses the following:

Java
Available for: OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_37
Description: Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. For Mac OS X v10.6 systems, these issues were addressed in Java for Mac OS X v10.6 Update 13.
Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419
CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427
CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434
CVE-2013-0435 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442
CVE-2013-0443 CVE-2013-0445 CVE-2013-0446 CVE-2013-0450 CVE-2013-1473
CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1481

Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java
Description: Multiple vulnerabilities existed in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2013-1486 CVE-2013-1487 CVE-2013-1488

Malware removal
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later
Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
Java for OS X 2013-001 and Java for Mac OS X 10.6 Update 13 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.Update13.dmg
Its SHA-1 digest is: 5327984bc0b300c237fe69cecf69513624f56b0e

For OS X Lion and Mountain Lion systems
The download file is named: JavaForOSX2013-001.dmg
Its SHA-1 digest is: 145d74354241cf2f567d2768bbd0a7185e7d308a

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03714148

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03714148
Version: 1

HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2013-03-25
Last Updated: 2013-03-22

Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits.

References: CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0169, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, CVE-2013-1489, CVE-2013-1493

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.04 and earlier

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2012-1541    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-3213    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-3342    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0169    (AV:N/AC:H/Au:N/C:P/I:N/A:N)    2.6
CVE-2013-0351    (AV:N/AC:L/Au:N/C:P/I:P/A:P)    7.5
CVE-2013-0409    (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
CVE-2013-0419    (AV:N/AC:H/Au:N/C:C/I:C/A:C)    7.6
CVE-2013-0423    (AV:N/AC:H/Au:N/C:C/I:C/A:C)    7.6
CVE-2013-0424    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2013-0425    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0426    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0427    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2013-0428    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0429    (AV:N/AC:H/Au:N/C:C/I:C/A:C)    7.6
CVE-2013-0431    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2013-0432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)    6.4
CVE-2013-0433    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2013-0434    (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
CVE-2013-0435    (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
CVE-2013-0437    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0438    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2013-0440    (AV:N/AC:L/Au:N/C:N/I:N/A:P)    5.0
CVE-2013-0441    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0442    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0443    (AV:N/AC:H/Au:N/C:P/I:P/A:N)    4.0
CVE-2013-0444    (AV:N/AC:H/Au:N/C:C/I:C/A:C)    7.6
CVE-2013-0445    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0446    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0449    (AV:N/AC:L/Au:N/C:P/I:N/A:N)    5.0
CVE-2013-0450    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0809    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1473    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2013-1475    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1476    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1478    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1480    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1484    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1485    (AV:N/AC:L/Au:N/C:N/I:P/A:N)    5.0
CVE-2013-1486    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1487    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1489    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1493    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location http://www.hp.com/java

HP-UX B.11.23, B.11.31
JDK and JRE v7.0.05 or subsequent

MANUAL ACTIONS: Yes - Update
For Java v7.0 update to Java v7.0.05 or subsequent

PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.04.00 or subsequent
END AFFECTED VERSIONS

HISTORY
Version:1 (rev.1) - 25 March 2013 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-ibm security update
Advisory ID: RHSA-2013:0626-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0626.html
Issue date: 2013-03-11
CVE Names: CVE-2012-1541 CVE-2012-3174 CVE-2012-3213 CVE-2012-3342 CVE-2013-0351 CVE-2013-0409 CVE-2013-0419 CVE-2013-0422 CVE-2013-0423 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0437 CVE-2013-0438 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0446 CVE-2013-0449 CVE-2013-0450 CVE-2013-0809 CVE-2013-1473 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 CVE-2013-1484 CVE-2013-1485 CVE-2013-1486 CVE-2013-1487 CVE-2013-1493
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3.
Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2012-1541, CVE-2012-3174, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0422, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0449, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487, CVE-2013-1493)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4 release. All running instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5.
Bugs fixed (http://bugzilla.redhat.com/):

859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
894172 - CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)
894934 - CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933)
906447 - CVE-2013-0431 OpenJDK: JMX Introspector missing package access check (JMX, 8000539, SE-2012-01 Issue 52)
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906932 - CVE-2013-0449 Oracle JDK: unspecified vulnerability fixed in 7u13 (Deployment)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907218 - CVE-2013-0444 OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
907222 - CVE-2013-0437 Oracle JDK: unspecified vulnerability fixed in 7u13 (2D)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913021 - CVE-2013-1484 OpenJDK: MethodHandleProxies insufficient privilege checks (Libraries, 8004937)
913025 - CVE-2013-1485 OpenJDK: MethodHandles insufficient privilege checks (Libraries, 8006439)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.ppc.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.s390.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.i386.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el5_9.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.i686.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.4.0-1jpp.2.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-3174.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0422.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0431.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0437.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0444.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0449.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1484.html
https://www.redhat.com/security/data/cve/CVE-2013-1485.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2013 Red Hat, Inc.

The updates can be downloaded from HP Software Support Online (SSO).
HP Product/Version                 Platform/Component     Location
HP Service Manager 9.31.2004 p2    AIX Server             http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_0041
HP Service Manager 9.31.2004 p2    HP Itanium Server      http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00420
HP Service Manager 9.31.2004 p2    Linux Server           http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00421
HP Service Manager 9.31.2004 p2    Solaris Server         http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00422
HP Service Manager 9.31.2004 p2    Web Tier               http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00424
HP Service Manager 9.31.2004 p2    Windows Client         http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00425
HP Service Manager 9.31.2004 p2    KnowledgeManagement    http://support.openview.hp.com/selfsolve/document/FID/DOCUMENTUM_HPSM_00426
HP Service Manager 7.11.655 p21    AIX Server             http://support.openview.hp.com/selfsolve/document/LID/HPSM_00482
HP Service Manager 7.11.655 p21    HP Itanium Server      http://support.openview.hp.com/selfsolve/document/LID/HPSM_00483
HP Service Manager 7.11.655 p21    HP parisc Server       http://support.openview.hp.com/selfsolve/document/LID/HPSM_00484
HP Service Manager 7.11.655 p21    Linux x86 Server       http://support.openview.hp.com/selfsolve/document/LID/HPSM_00485
HP Service Manager 7.11.655 p21    Solaris Server         http://support.openview.hp.com/selfsolve/document/LID/HPSM_00486
HP Service Manager 7.11.655 p21    Windows Server         http://support.openview.hp.com/selfsolve/document/LID/HPSM_00487
HP Service Manager 7.11.655 p21    Web Tier               http://support.openview.hp.com/selfsolve/document/LID/HPSM_00488
HP Service Manager 7.11.655 p21    Windows Client         http://support.openview.hp.com/selfsolve/document/LID/HPSM_00489
HP ServiceCenter 6.2.8.14          AIX Server             http://support.openview.hp.com/selfsolve/document/LID/HPSC_00279
HP ServiceCenter 6.2.8.14          HP Itanium Server      http://support.openview.hp.com/selfsolve/document/LID/HPSC_00280
HP ServiceCenter 6.2.8.14          HP parisc Server       http://support.openview.hp.com/selfsolve/document/LID/HPSC_00281
HP ServiceCenter 6.2.8.14          Linux Server           http://support.openview.hp.com/selfsolve/document/LID/HPSC_00282
HP ServiceCenter 6.2.8.14          Solaris Server         http://support.openview.hp.com/selfsolve/document/LID/HPSC_00283
HP ServiceCenter 6.2.8.14          Windows Server         http://support.openview.hp.com/selfsolve/document/LID/HPSC_00284
HP ServiceCenter 6.2.8.14          Web Tier               http://support.openview.hp.com/selfsolve/document/LID/HPSC_00285
HP ServiceCenter 6.2.8.14          Windows Client         http://support.openview.hp.com/selfsolve/document/LID/HPSC_00286

HISTORY
Version:1 (rev.1) - 29 April 2013 Initial release
Version:2 (rev.2) - 30 October 2013 added HP Service Manager v7.11
Version:3 (rev.3) - 11 December 2013 added HP ServiceCenter v6.2.8

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

TITLE: Oracle Java Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA52064

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52064

RELEASE DATE: 2013-02-02

DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code.
2) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code.
3) An unspecified error in the AWT component of the client deployment can be exploited to potentially execute arbitrary code.
4) An unspecified error in the AWT component of the client deployment can be exploited to potentially execute arbitrary code. 5) An unspecified error in the AWT component of the client and server deployment can be exploited to potentially execute arbitrary code. 6) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 7) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 8) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 9) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 10) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 11) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 12) An unspecified error in the JMX component of the client deployment can be exploited to potentially execute arbitrary code. 13) An unspecified error in the JavaFX component of the client deployment can be exploited to potentially execute arbitrary code. 14) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code. 15) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code. 16) An unspecified error in the Libraries component of the client deployment can be exploited to potentially execute arbitrary code. 17) An unspecified error in the Scripting component of the client deployment can be exploited to potentially execute arbitrary code. 18) An unspecified error in the Sound component of the client deployment can be exploited to potentially execute arbitrary code. 
19) An unspecified error in the Beans component of the client deployment can be exploited to potentially execute arbitrary code. 20) An unspecified error in the CORBA component of the client deployment can be exploited to potentially execute arbitrary code. 21) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 22) An unspecified error in the Deployment component of the client deployment can be exploited to potentially execute arbitrary code. 23) An unspecified error in the Deployment component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS. 24) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges. 25) An unspecified error in the AWT component of the client deployment can be exploited to disclose and manipulate certain data. 26) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 27) An unspecified error in the Deployment component of the client deployment can be exploited to manipulate certain data. 28) An unspecified error in the JAX-WS component of the client deployment can be exploited to disclose certain data. 29) An unspecified error in the JAXP component of the client deployment can be exploited to disclose certain data. 30) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 31) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 32) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 33) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 
34) An unspecified error in the Networking component of the client deployment can be exploited to manipulate certain data. 35) An unspecified error in the RMI component of the client deployment can be exploited to manipulate certain data. 36) An unspecified error in the JSSE component of the server deployment can be exploited via SSL/TLS to cause a DoS. 37) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 38) An unspecified error in the JSSE component of the client deployment can be exploited via SSL/TLS to disclose and manipulate certain data. The vulnerabilities are reported in the following products: * JDK and JRE 7 Update 11 and earlier. * JDK and JRE 6 Update 38 and earlier. * JDK and JRE 5.0 Update 38 and earlier. * SDK and JRE 1.4.2_40 and earlier. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: One of the vulnerabilities is reported as a 0-day. It is currently unclear who reported the remaining vulnerabilities as the Oracle Jave SE Critical Patch Update for February 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. 
ORIGINAL ADVISORY:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html

Trust: 2.61

sources: NVD: CVE-2013-0438 // CERT/CC: VU#858729 // BID: 57708 // PACKETSTORM: 123734 // PACKETSTORM: 120419 // PACKETSTORM: 120971 // PACKETSTORM: 120739 // PACKETSTORM: 120735 // PACKETSTORM: 123735 // PACKETSTORM: 124431 // PACKETSTORM: 120009

AFFECTED PRODUCTS

vendor: oracle, model: jdk, scope: eq, version: 1.6.0

Trust: 1.0

vendor: sun, model: jdk, scope: eq, version: 1.6.0

Trust: 1.0

vendor: oracle, model: jre, scope: eq, version: 1.7.0

Trust: 1.0

vendor: oracle, model: jdk, scope: eq, version: 1.7.0

Trust: 1.0

vendor: oracle, model: jre, scope: eq, version: 1.6.0

Trust: 1.0

vendor: sun, model: jre, scope: eq, version: 1.6.0

Trust: 1.0

vendor: sun, model: jre 17, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 13, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 12, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 10, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 07, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 06, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 05, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre 04, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jre, scope: eq, version: 1.7

Trust: 0.9

vendor: sun, model: jre 1.6.0 21, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 19, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 18, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 15, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 14, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 11, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 03, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 02, scope: -, version: -

Trust: 0.9

vendor: sun, model: jre 1.6.0 01, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 17, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 14, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 13, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 11, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 10, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 07, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 06, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 05, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 04, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk, scope: eq, version: 1.6

Trust: 0.9

vendor: sun, model: jdk 1.6.0 21, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 1.6.0 20, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 1.6.0 19, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 1.6.0 18, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 1.6.0 15, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 1.6.0 03, scope: -, version: -

Trust: 0.9

vendor: sun, model: jdk 1.6.0 02, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 9, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 8, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 11, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 10, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 38, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 7, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 4, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.7.0 2, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 35, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 32, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 30, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 28, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 27, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 26, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 25, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 24, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 23, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jre 1.6.0 22, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 9, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 8, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 11, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 10, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 37, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk, scope: eq, version: 1.7

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 7, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 4, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.7.0 2, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 38, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 35, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 32, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 30, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 28, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 27, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 26, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 25, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 24, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 23, scope: -, version: -

Trust: 0.9

vendor: oracle, model: jdk 1.6.0 22, scope: -, version: -

Trust: 0.9

vendor: apple, model: -, scope: -, version: -

Trust: 0.8

vendor: oracle, model: -, scope: -, version: -

Trust: 0.8

vendor: suse, model: linux enterprise software development kit sp2, scope: eq, version: 11

Trust: 0.6

vendor: sun, model: jre 1.6.0 20, scope: -, version: -

Trust: 0.6

vendor: sun, model: jre 1.6.0 2, scope: -, version: -

Trust: 0.6

vendor: sun, model: jdk 1.6.0 01, scope: -, version: -

Trust: 0.6

vendor: sun, model: jdk 01-b06, scope: eq, version: 1.6

Trust: 0.6

vendor: xerox, model: freeflow print server 73.c5.11, scope: -, version: -

Trust: 0.3

vendor: xerox, model: freeflow print server 73.c0.41, scope: -, version: -

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 12.10

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 12.10

Trust: 0.3

vendor: ubuntu, model: linux lts i386, scope: eq, version: 12.04

Trust: 0.3

vendor: ubuntu, model: linux lts amd64, scope: eq, version: 12.04

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 11.10

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 11.10

Trust: 0.3

vendor: ubuntu, model: linux sparc, scope: eq, version: 10.04

Trust: 0.3

vendor: ubuntu, model: linux powerpc, scope: eq, version: 10.04

Trust: 0.3

vendor: ubuntu, model: linux i386, scope: eq, version: 10.04

Trust: 0.3

vendor: ubuntu, model: linux arm, scope: eq, version: 10.04

Trust: 0.3

vendor: ubuntu, model: linux amd64, scope: eq, version: 10.04

Trust: 0.3

vendor: suse, model: linux enterprise server for vmware sp2, scope: eq, version: 11

Trust: 0.3

vendor: suse, model: linux enterprise server sp2, scope: eq, version: 11

Trust: 0.3

vendor: suse, model: linux enterprise server sp1 ltss, scope: eq, version: 11

Trust: 0.3

vendor: suse, model: linux enterprise server sp1 for vmware lt, scope: eq, version: 11

Trust: 0.3

vendor: suse, model: linux enterprise server sp4, scope: eq, version: 10

Trust: 0.3

vendor: suse, model: linux enterprise server sp3 ltss, scope: eq, version: 10

Trust: 0.3

vendor: suse, model: linux enterprise java sp2, scope: eq, version: 11

Trust: 0.3

vendor: suse, model: linux enterprise java sp4, scope: eq, version: 10

Trust: 0.3

vendor: sun, model: jdk 1.6.0 01-b06, scope: -, version: -

Trust: 0.3

vendor: sun, model: jdk 01, scope: eq, version: 1.6

Trust: 0.3

vendor: schneider electric, model: trio tview software, scope: eq, version: 3.27.0

Trust: 0.3

vendor: redhat, model: network satellite (for rhel, scope: eq, version: 6)5.5

Trust: 0.3

vendor: redhat, model: network satellite (for rhel, scope: eq, version: 5)5.5

Trust: 0.3

vendor: redhat, model: enterprise linux workstation supplementary, scope: eq, version: 6

Trust: 0.3

vendor: redhat, model: enterprise linux supplementary server, scope: eq, version: 5

Trust: 0.3

vendor: redhat, model: enterprise linux server supplementary, scope: eq, version: 6

Trust: 0.3

vendor: redhat, model: enterprise linux hpc node supplementary, scope: eq, version: 6

Trust: 0.3

vendor: redhat, model: enterprise linux desktop supplementary, scope: eq, version: 6

Trust: 0.3

vendor: redhat, model: enterprise linux desktop supplementary client, scope: eq, version: 5

Trust: 0.3

vendor: mercury, model: interactive service manager web tier, scope: eq, version: 9.31

Trust: 0.3

vendor: mercury, model: interactive service manager web tier, scope: eq, version: 9.30

Trust: 0.3

vendor: mercury, model: interactive service manager web tier, scope: eq, version: 7.11

Trust: 0.3

vendor: ibm, model: websphere operational decision management, scope: eq, version: 8.0.1

Trust: 0.3

vendor: ibm, model: websphere operational decision management, scope: eq, version: 7.5.0.0

Trust: 0.3

vendor: ibm, model: websphere mq, scope: eq, version: 7.11

Trust: 0.3

vendor: ibm, model: websphere mq, scope: eq, version: 7.5.0.1

Trust: 0.3

vendor: ibm, model: websphere mq, scope: eq, version: 7.5

Trust: 0.3

vendor: ibm, model: websphere mq, scope: eq, version: 7.1.0.2

Trust: 0.3

vendor: ibm, model: websphere mq, scope: eq, version: 7.1

Trust: 0.3

vendor: ibm, model: websphere message broker, scope: eq, version: 8.0.0.2

Trust: 0.3

vendor: ibm, model: websphere message broker, scope: eq, version: 7.0.0.5

Trust: 0.3

vendor: ibm, model: websphere message broker, scope: eq, version: 6.1.0.11

Trust: 0.3

vendor: ibm, model: websphere ilog jrules, scope: eq, version: 7.1.1

Trust: 0.3

vendor: ibm, model: websphere cast iron cloud integration, scope: eq, version: 6.0

Trust: 0.3

vendor: ibm, model: websphere cast iron cloud integration virtual applianc, scope: eq, version: 6.3

Trust: 0.3

vendor: ibm, model: websphere cast iron cloud integration studio, scope: eq, version: 6.3

Trust: 0.3

vendor: ibm, model: websphere cast iron cloud integration physical applian, scope: eq, version: 6.3

Trust: 0.3

vendor: ibm, model: websphere cast iron cloud integration live saas offeri, scope: eq, version: 6.3

Trust: 0.3

vendor: ibm, model: websphere cast iron cloud integration, scope: eq, version: 6.1

Trust: 0.3

vendor: ibm, model: tivoli system automation for integrated operations management, scope: eq, version: 2.1

Trust: 0.3

vendor: ibm, model: tivoli remote control, scope: eq, version: 5.1.2

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus, scope: eq, version: 7.4

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus, scope: eq, version: 7.3.1

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus, scope: eq, version: 7.3

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus, scope: eq, version: 7.2.1

Trust: 0.3

vendor: ibm, model: tivoli endpoint manager for remote control, scope: eq, version: 9.0

Trust: 0.3

vendor: ibm, model: tivoli endpoint manager for remote control, scope: eq, version: 8.2.1

Trust: 0.3

vendor: ibm, model: tivoli business service manager, scope: eq, version: 6.1.1

Trust: 0.3

vendor: ibm, model: tivoli business service manager, scope: eq, version: 6.1

Trust: 0.3

vendor: ibm, model: tivoli business service manager, scope: eq, version: 4.2.1

Trust: 0.3

vendor: ibm, model: tivoli business service manager, scope: eq, version: 4.2

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.41

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.40

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.3.23

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.3.21

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.3.20

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.3.1.0

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.3.0.5

Trust: 0.3

vendor: ibm, model: storwize unified, scope: eq, version: v70001.3.0.0

Trust: 0.3

vendor: ibm, model: smart analytics system, scope: eq, version: 56009.7

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.21-21

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.21-20

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.2

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.1

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.2.3

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.2.2

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.0.5

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: eq, version: 1.3.0.4

Trust: 0.3

vendor: ibm, model: rational host on-demand, scope: eq, version: 11.0

Trust: 0.3

vendor: ibm, model: rational host on-demand, scope: eq, version: 11.0.7

Trust: 0.3

vendor: ibm, model: maximo asset management essentials, scope: eq, version: 7.5

Trust: 0.3

vendor: ibm, model: maximo asset management essentials, scope: eq, version: 7.1

Trust: 0.3

vendor: ibm, model: maximo asset management, scope: eq, version: 7.5

Trust: 0.3

vendor: ibm, model: maximo asset management, scope: eq, version: 7.1

Trust: 0.3

vendor: ibm, model: maximo asset management, scope: eq, version: 6.2

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.3

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.2

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.1

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 9.0

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.2.3

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.2.2

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.2.1

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.1.5

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.1.4

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.1.3

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.1.2

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5.0.1

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.5

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2.6

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2.5

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2.4

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2.3

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2.2

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0.2.1

Trust: 0.3

vendor: ibm, model: lotus notes, scope: eq, version: 8.0

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5.4

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5.3

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5.2

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5.1

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0.2

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0.1

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 9.0

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5.1.1

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.5.0.1

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0.2.4

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0.2.3

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0.2.2

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0.2.1

Trust: 0.3

vendor: ibm, model: lotus domino, scope: eq, version: 8.0

Trust: 0.3

vendor: ibm, model: java se sr3, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: java se sr2, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: java se sr1, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: java se sr4, scope: eq, version: 6.0.1

Trust: 0.3

vendor: ibm, model: java se sr12, scope: eq, version: 6

Trust: 0.3

vendor: ibm, model: java se sr11, scope: eq, version: 6

Trust: 0.3

vendor: ibm, model: java sdk sr3, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: java sdk sr2, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: java sdk sr1, scope: eq, version: 7

Trust: 0.3

vendor: ibm, model: java sdk sr4, scope: eq, version: 6.0.1

Trust: 0.3

vendor: ibm, model: java sdk sr3, scope: eq, version: 6.0.1

Trust: 0.3

vendor: ibm, model: java sdk sr12, scope: eq, version: 6

Trust: 0.3

vendor: ibm, model: java sdk sr11, scope: eq, version: 6

Trust: 0.3

vendor: ibm, model: java sdk sr10, scope: eq, version: 6

Trust: 0.3

vendor: hp, model: servicecenter web tier, scope: eq, version: 6.2.8

Trust: 0.3

vendor: hp, model: service manager, scope: eq, version: 9.31

Trust: 0.3

vendor: hp, model: service manager, scope: eq, version: 9.30

Trust: 0.3

vendor: hp, model: service manager, scope: eq, version: 7.11

Trust: 0.3

vendor: hp, model: nonstop server j6.0.14.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.16, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.15.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.15, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.14.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.14, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.13.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.13, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.12.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.11.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.11.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.10.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.10.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.10.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.09.04, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.09.03, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.09.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.09.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.09.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.08.04, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.08.03, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.08.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.08.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.08.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.07.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.07.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.07.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.06.03, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.06.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.06.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.06.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.05.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.05.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.05.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.04.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.04.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server j06.04.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.27, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.26.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.26, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.25.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.25, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.24.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.24, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.23, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.22.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.22.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.21.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.21.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.21.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.20.03, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.20.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.20.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.20.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.19.03, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.19.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.19.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.19.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.18.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.18.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.18.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.17.03, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.17.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.17.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.17.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.16.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.16.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.16.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.15.02, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.15.01, scope: -, version: -

Trust: 0.3

vendor: hp, model: nonstop server h06.15.00, scope: -, version: -

Trust: 0.3

vendor: hp, model: hp-ux b.11.31, scope: -, version: -

Trust: 0.3

vendor: hp, model: hp-ux b.11.11, scope: -, version: -

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: avaya, model: conferencing standard edition, scope: eq, version: 6.0.1

Trust: 0.3

vendor: avaya, model: aura conferencing standard, scope: eq, version: 6.0

Trust: 0.3

vendor: avaya, model: aura conferencing sp1 standard, scope: eq, version: 6.0

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.7

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6.8

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.6

Trust: 0.3

vendor: schneider electric, model: trio tview software, scope: ne, version: 3.29.0

Trust: 0.3

vendor: ibm, model: tivoli system automation for integrated operations management, scope: ne, version: 2.1.1.4

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus fix pack, scope: ne, version: 7.41

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus fix pack, scope: ne, version: 7.3.16

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus fix pack, scope: ne, version: 7.311

Trust: 0.3

vendor: ibm, model: tivoli netcool/omnibus fix pack, scope: ne, version: 7.2.113

Trust: 0.3

vendor: ibm, model: tivoli business service manager, scope: ne, version: 6.1.10

Trust: 0.3

vendor: ibm, model: storwize unified, scope: ne, version: v70001.4.1.0

Trust: 0.3

vendor: ibm, model: scale out network attached storage, scope: ne, version: 1.4.1.0

Trust: 0.3

vendor: ibm, model: lotus notes fix pack, scope: ne, version: 8.5.35

Trust: 0.3

vendor: ibm, model: lotus domino fix pack, scope: ne, version: 8.5.35

Trust: 0.3

vendor: ibm, model: java se sr4, scope: ne, version: 7

Trust: 0.3

vendor: ibm, model: java se sr5, scope: ne, version: 6.0.1

Trust: 0.3

vendor: ibm, model: java se sr13, scope: ne, version: 6

Trust: 0.3

vendor: ibm, model: java sdk sr4, scope: ne, version: 7

Trust: 0.3

vendor: ibm, model: java sdk sr5, scope: ne, version: 6.0.1

Trust: 0.3

vendor: ibm, model: java sdk sr13, scope: ne, version: 6

Trust: 0.3

vendor: hp, model: service manager p2, scope: ne, version: 9.31.2004

Trust: 0.3

vendor: avaya, model: conferencing standard edition, scope: ne, version: 7.0

Trust: 0.3

sources: CERT/CC: VU#858729 // BID: 57708 // NVD: CVE-2013-0438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0438
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2013-0438
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: NVD: CVE-2013-0438

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-0438

THREAT TYPE

network

Trust: 0.3

sources: BID: 57708

TYPE

Unknown

Trust: 0.3

sources: BID: 57708

EXTERNAL IDS

db: CERT/CC, id: VU#858729

Trust: 2.1

db: NVD, id: CVE-2013-0438

Trust: 2.0

db: BID, id: 57708

Trust: 1.3

db: USCERT, id: TA13-032A

Trust: 1.0

db: ICS CERT, id: ICSA-17-213-02

Trust: 0.3

db: PACKETSTORM, id: 123734

Trust: 0.1

db: PACKETSTORM, id: 120419

Trust: 0.1

db: PACKETSTORM, id: 120971

Trust: 0.1

db: PACKETSTORM, id: 120739

Trust: 0.1

db: PACKETSTORM, id: 120735

Trust: 0.1

db: PACKETSTORM, id: 123735

Trust: 0.1

db: PACKETSTORM, id: 124431

Trust: 0.1

db: SECUNIA, id: 52064

Trust: 0.1

db: PACKETSTORM, id: 120009

Trust: 0.1

sources: CERT/CC: VU#858729 // BID: 57708 // PACKETSTORM: 123734 // PACKETSTORM: 120419 // PACKETSTORM: 120971 // PACKETSTORM: 120739 // PACKETSTORM: 120735 // PACKETSTORM: 123735 // PACKETSTORM: 124431 // PACKETSTORM: 120009 // NVD: CVE-2013-0438

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Trust: 2.2

url:http://www.kb.cert.org/vuls/id/858729

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2013-1455.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1456.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=136439120408139&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=136570436423916&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=136733161405818&w=2

Trust: 1.0

url:http://rhn.redhat.com/errata/rhsa-2013-0236.html

Trust: 1.0

url:http://rhn.redhat.com/errata/rhsa-2013-0237.html

Trust: 1.0

url:http://www.securityfocus.com/bid/57708

Trust: 1.0

url:http://www.us-cert.gov/cas/techalerts/ta13-032a.html

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16582

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19288

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19485

Trust: 1.0

url:http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html

Trust: 0.9

url:http://taosecurity.blogspot.com/2012/11/do-devs-care-about-java-insecurity.html?showcomment=1353874245992#c4794680666510382012

Trust: 0.8

url:http://codeascraft.etsy.com/2013/03/18/java-not-even-once/

Trust: 0.8

url:http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx

Trust: 0.8

url:https://www-304.ibm.com/support/docview.wss?uid=swg21650822

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-3342

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-3213

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0428

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0351

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0433

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0435

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0409

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0419

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0438

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0434

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0432

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0426

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0440

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0427

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0423

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0425

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0424

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-1541

Trust: 0.5

url:https://www.redhat.com/security/data/cve/cve-2013-1476.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0428.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1480.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0425.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0419.html

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0409.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0423.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0443.html

Trust: 0.4

url:https://access.redhat.com/security/team/key/#package

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0809.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1487.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0351.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0427.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0433.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1493.html

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2012-1541.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2012-3213.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0441.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0432.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0446.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0450.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1473.html

Trust: 0.4

url:http://bugzilla.redhat.com/

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2012-3342.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0426.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0440.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0445.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0442.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0424.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1486.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0438.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1478.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0435.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0434.html

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-0442

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-0446

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-0441

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-0443

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-0445

Trust: 0.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21650623

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03748879

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21644918

Trust: 0.3

url:http://www.oracle.com/technetwork/java/index.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24033920

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24033922

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24031555

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24034621

Trust: 0.3

url:http://support.apple.com/kb/ht5666

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-213-02

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2013/feb/msg00000.html

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03748879

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1

Trust: 0.3

url:https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c03714148-1%257cdoclocale%253d%

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta

Trust: 0.3

url:http://www.ibm.com/developerworks/java/jdk/alerts/#ibm_security_update_november_2012

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24034507

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21634069

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635160

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100169783

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633170

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643544

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635864

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21643697

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21642358

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21628927

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004390

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004342

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21628250

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643618

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643513

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633669

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2013-1481.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0429

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0437

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0431

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2013-2468.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1540.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2463.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2446.html

Trust: 0.2

url:https://access.redhat.com/site/articles/11258

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1500.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2419.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0401.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2444.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2454.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5089.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1722.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5079.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2422.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1721.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5081.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5071.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1532.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-3216.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5069.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5084.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2451.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-4820.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1569.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5073.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-4823.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2435.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2456.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-3743.html

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2407.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2470.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5068.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-4822.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-3159.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1557.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5075.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2471.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2429.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2443.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1713.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2457.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2412.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5072.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1718.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1537.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1717.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1531.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2432.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2447.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2452.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1491.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2464.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1571.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2383.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2418.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-0547.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1563.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2465.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2472.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2466.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2424.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2453.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2473.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2433.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2437.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1716.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-5083.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1533.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2450.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-3143.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1725.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2417.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2394.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2455.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1682.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2442.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2459.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2430.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-0551.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2448.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2012-1719.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2384.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0169.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2469.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2420.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-2440.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1473

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1478

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1476

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0444

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://www.ibm.com/developerworks/java/jdk/alerts/

Trust: 0.2

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2011-0873.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3548.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3521

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3556.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3563.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3546

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3551.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0497.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0500.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3389.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3561.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0863.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0499.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0862

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0867.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0507.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3552.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0814.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3547.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3549

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0503.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3554.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3549.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3553

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3516.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0871.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3554

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0868.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3548

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3521.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3547

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3553.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3545

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0802.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0865.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3516

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3545.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0862.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3561

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3556

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3544.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0867

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0506.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0501.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0869

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3560.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3550

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3557.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0865

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0502.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0498.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3560

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3546.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3552

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3544

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-0869.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0863

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-3550.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-5035.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3557

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-0505.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0871

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0868

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0802

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0814

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1475

Trust: 0.1

url:http://www.apple.com/support/downloads/

Trust: 0.1

url:http://www.oracle.com/technetwork/java/javase/

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://www.o

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:http://www.hp.com/java

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:https://www.hp.com/go/swa

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-0625.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0809

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0431.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0437.html

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-0626.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0444.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0422

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0422.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1484.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-3174.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1485.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3174

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0449.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3143

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1533

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3216

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0547

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1532

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5069

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0551

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4820

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1717

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1716

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1531

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5071

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1713

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5072

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3159

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-5073

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00486

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_0041

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_00424

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00488

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0436

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_00422

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00282

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00489

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00280

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00484

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_00426

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00482

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00284

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_00420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0430

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00283

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00483

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4301

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1543

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_00421

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00286

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4305

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00281

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00285

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00487

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0439

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/fid/documentum_hpsm_00425

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsc_00279

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00485

Trust: 0.1

url:http://secunia.com/advisories/52064/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=52064

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/52064/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CERT/CC: VU#858729 // BID: 57708 // PACKETSTORM: 123734 // PACKETSTORM: 120419 // PACKETSTORM: 120971 // PACKETSTORM: 120739 // PACKETSTORM: 120735 // PACKETSTORM: 123735 // PACKETSTORM: 124431 // PACKETSTORM: 120009 // NVD: CVE-2013-0438

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 123734 // PACKETSTORM: 120739 // PACKETSTORM: 120735 // PACKETSTORM: 123735

SOURCES

db: CERT/CC, id: VU#858729
db: BID, id: 57708
db: PACKETSTORM, id: 123734
db: PACKETSTORM, id: 120419
db: PACKETSTORM, id: 120971
db: PACKETSTORM, id: 120739
db: PACKETSTORM, id: 120735
db: PACKETSTORM, id: 123735
db: PACKETSTORM, id: 124431
db: PACKETSTORM, id: 120009
db: NVD, id: CVE-2013-0438

LAST UPDATE DATE

2024-11-08T21:26:02.031000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#858729, date: 2013-06-14T00:00:00
db: BID, id: 57708, date: 2017-08-11T18:10:00
db: NVD, id: CVE-2013-0438, date: 2022-05-13T14:53:00.777

SOURCES RELEASE DATE

db: CERT/CC, id: VU#858729, date: 2013-02-01T00:00:00
db: BID, id: 57708, date: 2013-02-01T00:00:00
db: PACKETSTORM, id: 123734, date: 2013-10-23T22:57:57
db: PACKETSTORM, id: 120419, date: 2013-02-20T19:22:22
db: PACKETSTORM, id: 120971, date: 2013-03-27T14:12:55
db: PACKETSTORM, id: 120739, date: 2013-03-11T22:52:28
db: PACKETSTORM, id: 120735, date: 2013-03-11T22:51:48
db: PACKETSTORM, id: 123735, date: 2013-10-23T22:58:21
db: PACKETSTORM, id: 124431, date: 2013-12-14T11:11:00
db: PACKETSTORM, id: 120009, date: 2013-02-04T10:48:27
db: NVD, id: CVE-2013-0438, date: 2013-02-02T00:55:02.083