ID

VAR-201302-0407


CVE

CVE-2013-1480


TITLE

Oracle Java contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#858729

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. (DoS) An attack may be carried out. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Java AWT Image Transform library functions. For certain image transformation functions, Java fails to take the 'numBands' into account during the allocation of heap memory and instead uses a static value of 0x4. The allocated memory is later written to inside a loop that uses the 'numBands' value which can result in a memory corruption. This can lead to remote code execution under the context of the current process. Note: This issue was previously discussed in BID 57670 (Oracle Java Runtime Environment Multiple Security Vulnerabilities) but has been given its own record to better document it. This vulnerability affects the following supported versions: 7 Update 11, 6 Update 38, 5.0 Update 38, 1.4.2_40. ============================================================================ Ubuntu Security Notice USN-1724-1 February 14, 2013 openjdk-6, openjdk-7 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK. An attacker could exploit these to cause a denial of service. (CVE-2012-1541, CVE-2012-3342, CVE-2013-0351, CVE-2013-0419, CVE-2013-0423, CVE-2013-0446, CVE-2012-3213, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0441, CVE-2013-0442, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480) Vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. (CVE-2013-0409, CVE-2013-0434, CVE-2013-0438) Several data integrity vulnerabilities were discovered in the OpenJDK JRE. (CVE-2013-0424, CVE-2013-0427, CVE-2013-0433, CVE-2013-1473) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0432, CVE-2013-0435, CVE-2013-0443) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2013-0440) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 12.10. (CVE-2013-0444) A data integrity vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0448) An information disclosure vulnerability was discovered in the OpenJDK JRE. This issue only affected Ubuntu 12.10. (CVE-2013-0449) A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 12.10. (CVE-2013-1481) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: icedtea-7-jre-jamvm 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-headless 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-lib 7u13-2.3.6-0ubuntu0.12.10.1 openjdk-7-jre-zero 7u13-2.3.6-0ubuntu0.12.10.1 Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.12.04.2 icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.12.04.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.12.04.2 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.11.10.2 icedtea-6-jre-jamvm 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.11.10.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.11.10.2 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-headless 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-lib 6b27-1.12.1-2ubuntu0.10.04.2 openjdk-6-jre-zero 6b27-1.12.1-2ubuntu0.10.04.2 This update uses a new upstream release which includes additional bug fixes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2013:0245-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0245.html Issue date: 2013-02-08 CVE Names: CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428) Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted image could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the virtual machine privileges. (CVE-2013-1478, CVE-2013-1480) A flaw was found in the AWT component's clipboard handling code. An untrusted Java application or applet could use this flaw to access clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432) The default Java security properties configuration did not restrict access to certain com.sun.xml.internal packages. An untrusted Java application or applet could use this flaw to access information, bypassing certain Java sandbox restrictions. This update lists the whole package as restricted. (CVE-2013-0435) Multiple improper permission check issues were discovered in the Libraries, Networking, and JAXP components. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2013-0427, CVE-2013-0433, CVE-2013-0434) It was discovered that the RMI component's CGIHandler class used user inputs in error messages without any sanitization. An attacker could use this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424) It was discovered that the SSL/TLS implementation in the JSSE component did not properly enforce handshake message ordering, allowing an unlimited number of handshake restarts. A remote attacker could use this flaw to make an SSL/TLS server using JSSE consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2013-0440) It was discovered that the JSSE component did not properly validate Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw to perform a small subgroup attack. (CVE-2013-0443) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393) 860652 - CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50) 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318) 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068) 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972) 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977) 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057) 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325) 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537) 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29) 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952) 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392) 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509) 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528) 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235) 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941) 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071) 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631) 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066) 907460 - CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.54.1.11.6.el6_3.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.54.1.11.6.el6_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0424.html https://www.redhat.com/security/data/cve/CVE-2013-0425.html https://www.redhat.com/security/data/cve/CVE-2013-0426.html https://www.redhat.com/security/data/cve/CVE-2013-0427.html https://www.redhat.com/security/data/cve/CVE-2013-0428.html https://www.redhat.com/security/data/cve/CVE-2013-0429.html https://www.redhat.com/security/data/cve/CVE-2013-0432.html https://www.redhat.com/security/data/cve/CVE-2013-0433.html https://www.redhat.com/security/data/cve/CVE-2013-0434.html https://www.redhat.com/security/data/cve/CVE-2013-0435.html https://www.redhat.com/security/data/cve/CVE-2013-0440.html https://www.redhat.com/security/data/cve/CVE-2013-0441.html https://www.redhat.com/security/data/cve/CVE-2013-0442.html https://www.redhat.com/security/data/cve/CVE-2013-0443.html https://www.redhat.com/security/data/cve/CVE-2013-0445.html https://www.redhat.com/security/data/cve/CVE-2013-0450.html https://www.redhat.com/security/data/cve/CVE-2013-1475.html https://www.redhat.com/security/data/cve/CVE-2013-1476.html https://www.redhat.com/security/data/cve/CVE-2013-1478.html https://www.redhat.com/security/data/cve/CVE-2013-1480.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRFVVkXlSAg2UNWIIRAj6IAJ9pyNWKcES0d/HAkxu8/nazgM+tGgCgsH48 491W7PbYZVogid5QvYiYwv8= =d0CL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU [1]. [Issue 29] This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages. Proxy objects defined in a NULL class loader namespaces are of a particular interest here. Such objects can be used to manipulate instances of certain restricted classes. In our Proof of Concept code we create such a proxy object for the com.sun.xml.internal.bind.v2.model.nav.Navigator interface. In order to use the aforementioned proxy object, we need an instance of that interface too. We obtain it with the help of Issue 28, which allows to access arbitrary field objects from restricted classes and interfaces. As a result, by combining Issue 27-29, one can use Navigator interface and make use of its sensitive Reflection API functionality such as obtaining access to methods of arbitrary classes. That condition can be further leveraged to obtain a complete JVM security bypass. Please, note that our Proof of Concept code for Issues 27-29 was reported to Oracle in Apr 2012 and depending Issues 27-28 were addressed by the company sooner than Issue 29. Testing of the PoC will thus give best results on older versions of Java SE 7. [Issue 50] Issue 50 allows to violate a fundamental security constraint of Java VM, which is type safety. This vulnerability is another instance of the problem related to the unsafe deserialization implemented by com.sun.corba.se.impl.io.ObjectStreamClass class. Its first instance was fixed by Oracle in Oct 2011 [2] and it stemmed from the fact that during deserialization insufficient type checks were done with respect to object references that were written to target object instance created by the means of deserialization. Such a reference writing was accomplished with the use of a native functionality of sun.corba.Bridge class. The problem that we found back in Sep 2012 was very similar to the first one. It was located in the same code (class) and was also exploiting direct writing of object references to memory with the use of putObject method. While the first type confusion issue allowed to write object references of incompatible types to correct field offsets, Issue 50 relied on the possibility to write object references of incompatible types to...invalid field offsets. It might be also worth to mention that Issue 50 was found to be present in Java SE Embedded [3]. That is Java version that is based on desktop Java SE and is used in today\x92s most powerful embedded systems such as aircraft and medical systems [4]. We verified that Oracle Java SE Embedded ver. 7 Update 6 from 10 Aug 2012 for ARM / Linux contained vulnerable implementation of ObjectStreamClass class. Unfortunately, we don't know any details regarding the impact of Issue 50 in the embedded space (which embedded systems are vulnerable to it, whether any feasible attack vectors exist, etc.). So, it's up to Oracle to clarify any potential concerns in that area. [Issue 52] Issue 52 relies on the possibility to call no-argument methods on arbitrary objects or classes. The vulnerability has its origin in com.sun.jmx.mbeanserver.Introspector class which is located in the same package as the infamous MBeanInstantiator bug found in the wild in early Jan 2013. The flaw stems from insecure call to invoke method of java.lang.reflect.Method class: if (method != null) return method.invoke(obj, new Object[0]); In our Proof of Concept code we exploit the above implementation by making a call to getDeclaredMethods method of java.lang.Class class to gain access to methods of restricted classes. This is accomplished with the use of the following code sequence: Introspector.elementFromComplex((Object)clazz,"declaredMethods") Access to public method objects of arbitrary restricted classes is sufficient to achieve a complete Java VM security sandbox compromise. We make use of DefiningClassLoader exploit vector for that purpose. [Issue 53] Issue 53 stems from the fact that Oracle's implementation of new security levels introduced by the company in Java SE 7 Update 10 did not take into account the fact that Applets can be instantiated with the use of serialization. Such a possibility is indicated both in HTML 4 Specification [5] as well as in Oracle's code. HTML 4 Specification contains the following description for the "object" attribute of APPLET element: object = cdata [CS] This attribute names a resource containing a serialized representation of an applet's state. It is interpreted relative to the applet's codebase. The serialized data contains the applet's class name but not the implementation. The class name is used to retrieve the implementation from a class file or archive. Additionally, Java 7 Update 10 (and 11) reveal the following code logic when it comes to the implementation of new security features (Java Control Panel security levels). [excerpt from sun.plugin2.applet.Plugin2Manager class] String object_attr = getSerializedObject(); String code_attr = getCode(); ... if(code_attr != null) { Class class1 = plugin2classloader.loadCode(code_attr); ... if(class1 != null) if (fireAppletSSVValidation()) ... } else { if(!isSecureVM) return; adapter.instantiateSerialApplet(plugin2classloader,object_attr); ... } The above clearly shows that the conditional block implementing Applet instantiation via deserialization does not contain a call to fireAppletSSVValidation method. This method conducts important security checks corresponding to security levels configured by Java Control Panel. The lack of a call to security checking method is equivalent to "no protection at all" as it allows for a silent Java exploit in particular. What's worth mentioning is that for Google Chrome the following HTML sequence needed to be used to activate target Applet code: <object type="application/x-java-applet" object="BlackBox.ser"> --- We have made our original reports sent to Oracle and describing Issues 29, 50, 52 and 53 available for download from our project details page: http://www.security-explorations.com/en/SE-2012-01-details.html Along with those reports we have also published the results of our quick Vulnerability Fix Experiment regarding Issue 50. We've never heard a word from Oracle regarding it. Company's fix for Issue 50 is not a mirror of the one we had proposed, but it does rely on Class object instances for hashtable access / caching of translated ObjectStreamClass fields. At the end, we would like to question Oracle's evaluation of the impact of Java vulnerabilities fixed by the Feb 2013 Java SE CPU. Oracle emphasized that patched vulnerabilities affect primarily Java Plugin / desktop environments and that only 3 of them apply to client and server deployments of Java. The 3 vulnerabilities Oracle refers to are specifically the following ones: CVE-2013-0437 Subcomponent 2D CVE-2013-1478 Subcomponent 2D CVE-2013-1480 Subcomponent AWT None of the vulnerabilities above seem to refer to the components where our discoveries were made (i.e. CORBA, JMX / BEANS). The tests we have conducted yesterday against the latest version of Oracle GlassFish Server 3.1.2.2 (with security manager enabled) and RMI Registry from JDK 7 Update 11 confirmed the possibility to launch an attack against remote RMI server with the use of a Java SE vulnerability. We tested Issues patched by the recent CPU such as the MBeanInstantiator bug, Issue 50 and 52 and were able to: 1) remotely load custom classes into the target Java RMI server (over RMI protocol), 2) completely break Java security sandbox with the use of a Java SE vulnerability (the one which "can be exploited only through untrusted Java Web Start applications / untrusted Java applets" according to Oracle's CPU). Although Oracle is aware [6] that Java SE vulnerabilities can be also exploited "in servers, by supplying malicious input to APIs in the vulnerable server component", the company rather undermines such a possibility by delivering a message that a majority of the vulnerabilities affect Java Plugin in the web browser or that in some cases, the exploitation scenario of Java SE bugs on servers is very improbable. In general, relying on a vulnerable Java SE version makes all of the products depending on it potentially vulnerable unless there is absolutely *no way* that a vulnerable component can be reached by an attacker. As long as an attack vector through RMI protocol is valid, a potential for remote exploitation of security issues in Java SE on servers should be always concerned. Thank You. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Oracle Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA52064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 RELEASE DATE: 2013-02-02 DISCUSS ADVISORY: http://secunia.com/advisories/52064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/52064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=52064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Java, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 2) An unspecified error in the 2D component of the client and server deployment can be exploited to potentially execute arbitrary code. 5) An unspecified error in the AWT component of the client and server deployment can be exploited to potentially execute arbitrary code. 23) An unspecified error in the Deployment component of the client deployment can be exploited to disclose and manipulate certain data and cause a DoS. 24) An unspecified error in the Install component of the client deployment can be exploited by a local user to gain escalated privileges. 25) An unspecified error in the AWT component of the client deployment can be exploited to disclose and manipulate certain data. 26) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 27) An unspecified error in the Deployment component of the client deployment can be exploited to manipulate certain data. 28) An unspecified error in the JAX-WS component of the client deployment can be exploited to disclose certain data. 29) An unspecified error in the JAXP component of the client deployment can be exploited to disclose certain data. 30) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 31) An unspecified error in the JMX component of the client deployment can be exploited to disclose certain data. 32) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 33) An unspecified error in the Libraries component of the client deployment can be exploited to manipulate certain data. 34) An unspecified error in the Networking component of the client deployment can be exploited to manipulate certain data. 35) An unspecified error in the RMI component of the client deployment can be exploited to manipulate certain data. 36) An unspecified error in the JSSE component of the server deployment can be exploited via SSL/TLS to cause a DoS. 37) An unspecified error in the Deployment component of the client deployment can be exploited to disclose certain data. 38) An unspecified error in the JSSE component of the client deployment can be exploited via SSL/TLS to disclose and manipulate certain data. The vulnerabilities are reported in the following products: * JDK and JRE 7 Update 11 and earlier. * JDK and JRE 6 Update 38 and earlier. * JDK and JRE 5.0 Update 38 and earlier. * SDK and JRE 1.4.2_40 and earlier. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: One of the vulnerabilities is reported as a 0-day. It is currently unclear who reported the remaining vulnerabilities as the Oracle Jave SE Critical Patch Update for February 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.14

sources: NVD: CVE-2013-1480 // CERT/CC: VU#858729 // JVNDB: JVNDB-2013-001362 // ZDI: ZDI-13-022 // BID: 57691 // VULMON: CVE-2013-1480 // PACKETSTORM: 120166 // PACKETSTORM: 120739 // PACKETSTORM: 120334 // PACKETSTORM: 120735 // PACKETSTORM: 120165 // PACKETSTORM: 120030 // PACKETSTORM: 120050 // PACKETSTORM: 120009 // PACKETSTORM: 120031

AFFECTED PRODUCTS

vendor:oraclemodel:jrescope:lteversion:1.4.2_40

Trust: 1.8

vendor:sunmodel:jrescope:eqversion:1.4.2

Trust: 1.3

vendor:sunmodel:jrescope:eqversion:1.4.2_36

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_36

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_22

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.7.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_22

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.7.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_26

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_17

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_6

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_17

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_27

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_6

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_27

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_1

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_1

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_18

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_18

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_7

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_25

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_31

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_7

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_25

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_31

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_21

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_4

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_4

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.5.0

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.5.0

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_28

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_28

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_11

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_11

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.5.0

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.5.0

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_2

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_2

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_10

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_10

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_16

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_16

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_14

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_37

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_14

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_37

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_12

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_12

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_29

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_35

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_29

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_35

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_20

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_24

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_5

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_5

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_34

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_34

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_8

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.6.0

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_26

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_32

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_8

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_32

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_15

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_15

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_30

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_3

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_30

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_3

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_9

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_9

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_33

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_33

Trust: 1.0

vendor:oraclemodel:jrescope:eqversion:1.4.2_38

Trust: 1.0

vendor:oraclemodel:jdkscope:eqversion:1.4.2_38

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_23

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_23

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_19

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_19

Trust: 1.0

vendor:sunmodel:jrescope:eqversion:1.4.2_13

Trust: 1.0

vendor:sunmodel:jdkscope:eqversion:1.4.2_13

Trust: 1.0

vendor:oraclemodel:jdkscope:lteversion:1.4.2_40

Trust: 1.0

vendor:sunmodel:jre 1.6.0 03scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 17scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 8scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 30scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 32scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 15scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 1.5.0 17scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 01scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 1.6.0 18scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 35scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 16scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 22scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 05scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 28scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 14scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 21scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 20scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 32scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 38scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 25scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 07scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 35scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 31scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 18scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 27scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 06scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 19scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 23scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 10scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 18scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 05scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 03scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 17scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 2scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 10scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 8scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 2scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 20scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 12scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 14scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 04scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jre 1.5.0 36scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 10scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 04scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 25scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 35scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 32scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.5.0 36scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.5.0 38scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 37scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 11scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 27scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.5.0 38scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 11scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 14scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 15scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 30scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 16scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 25scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 04scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 12scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 1.5.0 26scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 33scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 7scope: - version: -

Trust: 0.9

vendor:sunmodel:jdkscope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.7

Trust: 0.9

vendor:sunmodel:jre 03scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 1.6.0 02scope: - version: -

Trust: 0.9

vendor:sunmodel:jrescope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 23scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 01scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 4scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 28scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 9scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 06scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jre 1.6.0 19scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 9scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 38scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 15scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 22scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 07scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 11scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 20scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 29scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 28scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 23scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 11scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 35scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 17scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 1.5.0 23scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 14scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 13scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 02scope:eqversion:1.5

Trust: 0.9

vendor:oraclemodel:jdk 1.7.0 7scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 32scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.6.0 02scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 27scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 13scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 10scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 28scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 05scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jre 1.7.0 4scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 01scope:eqversion:1.5

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 26scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 30scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 33scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 26scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.6.0 21scope: - version: -

Trust: 0.9

vendor:oraclemodel:jre 1.6.0 24scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 25scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 06scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 27scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 22scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 11scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk 18scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 10scope:eqversion:1.6

Trust: 0.9

vendor:oraclemodel:jdkscope:eqversion:1.7

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 26scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 22scope: - version: -

Trust: 0.9

vendor:oraclemodel:jdk 1.6.0 24scope: - version: -

Trust: 0.9

vendor:sunmodel:jre 1.5.0 29scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 31scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 30scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 15scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 02scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 13scope:eqversion:1.6

Trust: 0.9

vendor:sunmodel:jdk .0 05scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jdk 0 10scope:eqversion:1.5

Trust: 0.9

vendor:sunmodel:jre 1.5.0 13scope: - version: -

Trust: 0.9

vendor:sunmodel:jdk 1.5.0 24scope: - version: -

Trust: 0.9

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.7 and later

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.8 and later

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.7 and later

Trust: 0.8

vendor:oraclemodel:jdkscope:lteversion:5.0 update 38

Trust: 0.8

vendor:oraclemodel:jdkscope:lteversion:6 update 38

Trust: 0.8

vendor:oraclemodel:jdkscope:lteversion:7 update 11

Trust: 0.8

vendor:oraclemodel:jrescope:lteversion:5.0 update 38

Trust: 0.8

vendor:oraclemodel:jrescope:lteversion:6 update 38

Trust: 0.8

vendor:oraclemodel:jrescope:lteversion:7 update 11

Trust: 0.8

vendor:oraclemodel:sdkscope:lteversion:1.4.2_40

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:5.0 update 33

Trust: 0.8

vendor:sun microsystemsmodel:jdkscope:lteversion:6 update 21

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:1.4.2_37

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:5.0 update 33

Trust: 0.8

vendor:sun microsystemsmodel:jrescope:lteversion:6 update 21

Trust: 0.8

vendor:sun microsystemsmodel:sdkscope:lteversion:1.4.2_37

Trust: 0.8

vendor:hitachimodel:cosminexus application server enterprisescope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application server standardscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application server version 5scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus clientscope:eqversion:version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developer light version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer professional version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer standard version 6scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer version 5scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus developer's kit for javascope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:cosminexus server - standard edition version 4scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus server - web edition version 4scope: - version: -

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:- web edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus studioscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:-r

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:express

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:light

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:standard-r

Trust: 0.8

vendor:hitachimodel:ucosminexus application server enterprisescope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server smart editionscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application server standardscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus clientscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus clientscope:eqversion:for plug-in

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:01

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional for plug-in

Trust: 0.8

vendor:hitachimodel:ucosminexus developer lightscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus developer standardscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus operatorscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus primary serverscope:eqversion:base

Trust: 0.8

vendor:hitachimodel:ucosminexus serverscope:eqversion:standard-r

Trust: 0.8

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:none

Trust: 0.8

vendor:hitachimodel:ucosminexus service platformscope:eqversion:- messaging

Trust: 0.8

vendor:oraclemodel:java runtimescope: - version: -

Trust: 0.7

vendor:sunmodel:jdk 1.5.0.0 11scope: - version: -

Trust: 0.6

vendor:sunmodel:jre 1.5.0.0 09scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 11-b03scope:eqversion:1.5

Trust: 0.6

vendor:sunmodel:jdk 1.5.0 12scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk .0 04scope:eqversion:1.5

Trust: 0.6

vendor:sunmodel:jdk 01-b06scope:eqversion:1.6

Trust: 0.6

vendor:sunmodel:jdk .0 03scope:eqversion:1.5

Trust: 0.6

vendor:sunmodel:jdk 1.5.0.0 08scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 1.5.0.0 09scope: - version: -

Trust: 0.6

vendor:sunmodel:jre 1.5.0.0 07scope: - version: -

Trust: 0.6

vendor:sunmodel:jre 1.6.0 2scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 1.6.0 01scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 07-b03scope:eqversion:1.5

Trust: 0.6

vendor:sunmodel:jdk 06scope:eqversion:1.5

Trust: 0.6

vendor:sunmodel:jre 1.5.0.0 08scope: - version: -

Trust: 0.6

vendor:sunmodel:jre 1.6.0 20scope: - version: -

Trust: 0.6

vendor:sunmodel:jdk 1.5.0.0 12scope: - version: -

Trust: 0.6

vendor:susemodel:linux enterprise software development kit sp2scope:eqversion:11

Trust: 0.6

vendor:ibmmodel:java se sr13scope:neversion:6

Trust: 0.3

vendor:avayamodel:meeting exchange web conferencing serverscope:eqversion:-6.0

Trust: 0.3

vendor:ibmmodel:java sdk sr14scope:eqversion:5

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.5.0.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.1

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:6)5.5

Trust: 0.3

vendor:schneider electricmodel:trio tview softwarescope:eqversion:3.27.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:avayamodel:cms r15scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.01scope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.19

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.00scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5.3

Trust: 0.3

vendor:ibmmodel:java sdk sr15scope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:jdk 01scope:eqversion:1.6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:ibmmodel:maximo asset management essentialsscope:eqversion:7.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.02scope: - version: -

Trust: 0.3

vendor:avayamodel:cms r16.3scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.02scope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchange client registration serverscope:eqversion:-6.0

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:eqversion:7.2.11

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:4.1

Trust: 0.3

vendor:schneider electricmodel:trio tview softwarescope:neversion:3.29.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.02scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.14scope: - version: -

Trust: 0.3

vendor:avayamodel:call management system r16.1scope: - version: -

Trust: 0.3

vendor:ibmmodel:java se sr2scope:eqversion:7

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integrationscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:ibmmodel:java sdk sr4scope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.03scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.26scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2.3

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.02scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2.6

Trust: 0.3

vendor:ibmmodel:tivoli business service managerscope:neversion:6.1.10

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:5)5.5

Trust: 0.3

vendor:hpmodel:service managerscope:eqversion:7.11

Trust: 0.3

vendor:ibmmodel:java se sr5scope:neversion:6.0.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.13scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:ibmmodel:java sdk sr13 fp11scope:eqversion:1.4.2

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.04scope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.1.5

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.1.0.2

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:call management system r16.2scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.0.3

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.00scope: - version: -

Trust: 0.3

vendor:ibmmodel:java sdk sr3scope:eqversion:6.0.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.15.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.22.00scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integration physical applianscope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0.2.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.12.00scope: - version: -

Trust: 0.3

vendor:avayamodel:irscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:java se sr4scope:neversion:7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.4

Trust: 0.3

vendor:ibmmodel:tivoli system automation for multiplatformsscope:eqversion:3.2.2

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.0.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:ibmmodel:tivoli system automation for integrated operations managementscope:eqversion:2.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.01scope: - version: -

Trust: 0.3

vendor:sunmodel:jre 02scope:eqversion:1.4.2

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.01scope: - version: -

Trust: 0.3

vendor:ibmmodel:maximo asset managementscope:eqversion:7.5

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:6.1.0.11

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.16scope: - version: -

Trust: 0.3

vendor:ibmmodel:java sdk sr3scope:eqversion:7

Trust: 0.3

vendor:ibmmodel:websphere operational decision managementscope:eqversion:7.5.0.0

Trust: 0.3

vendor:hpmodel:nonstop server j6.0.14.01scope: - version: -

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:eqversion:11.0.7

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.2.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.2

Trust: 0.3

vendor:s u s emodel:suse core forscope:eqversion:9x86

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementaryscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.3

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:neversion:7.2.1.5

Trust: 0.3

vendor:redhatmodel:enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5.0.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp3 ltssscope:eqversion:10

Trust: 0.3

vendor:sunmodel:jdk 1.5.0 11scope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integration live saas offeriscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:java sdk sr13scope:neversion:6

Trust: 0.3

vendor:ibmmodel:smart analytics systemscope:eqversion:56009.7

Trust: 0.3

vendor:ibmmodel:java sdk sr1scope:eqversion:7

Trust: 0.3

vendor:mercurymodel:interactive service manager web tierscope:eqversion:9.30

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.02

Trust: 0.3

vendor:ibmmodel:java sdk sr4scope:neversion:7

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0.2.4

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:9.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.02scope: - version: -

Trust: 0.3

vendor:ibmmodel:java sdk sr5scope:neversion:6.0.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.00scope: - version: -

Trust: 0.3

vendor:sunmodel:jdk 1.5.0.0 04scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.02scope: - version: -

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:hpmodel:service managerscope:eqversion:9.31

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.00scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0.2.3

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility services spscope:eqversion:6.16.1.0.9.8

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:nonstop server h06.24.01scope: - version: -

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.17

Trust: 0.3

vendor:avayamodel:aura system platformscope:neversion:6.3

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:jdk 1.5.0.0 06scope: - version: -

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.5

Trust: 0.3

vendor:sunmodel:jre 05scope:eqversion:1.4.2

Trust: 0.3

vendor:sunmodel:jre 01scope:eqversion:1.4.2

Trust: 0.3

vendor:hpmodel:nonstop server h06.25scope: - version: -

Trust: 0.3

vendor:sunmodel:jre 04scope:eqversion:1.4.2

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2.4.0.15

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.18

Trust: 0.3

vendor:ibmmodel:websphere ilog jrulesscope:eqversion:7.1.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.00scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:cms r17scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:eqversion:7.2.1.4

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:java se sr11scope:eqversion:6

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:call management system rscope:eqversion:15

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.2

Trust: 0.3

vendor:mercurymodel:interactive service manager web tierscope:eqversion:7.11

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0.2

Trust: 0.3

vendor:sunmodel:jre 1.5.0 09scope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integrationscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:cognos expressscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integration virtual appliancscope:eqversion:6.3

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.00scope: - version: -

Trust: 0.3

vendor:sunmodel:jre betascope:eqversion:1.5.0

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp1scope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise server for vmware sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2.5.0.15

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5.1.1

Trust: 0.3

vendor:ibmmodel:tivoli system automation application managerscope:eqversion:3.2

Trust: 0.3

vendor:sunmodel:jdkscope:eqversion:1.5

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.04scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1 for vmware ltscope:eqversion:11

Trust: 0.3

vendor:ibmmodel:java se sr1scope:eqversion:7

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:sunmodel:jdk 07scope:eqversion:1.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:hpmodel:nonstop server h06.15.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.24scope: - version: -

Trust: 0.3

vendor:ibmmodel:java se sr14scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office server editionscope:eqversion:8.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.02scope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.16

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.03scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:call management system r16.3scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portal sp3scope:eqversion:5.1

Trust: 0.3

vendor:redhatmodel:enterprise linux server supplementaryscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.8.3

Trust: 0.3

vendor:ibmmodel:tivoli endpoint manager for remote controlscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.2.3

Trust: 0.3

vendor:hpmodel:nonstop server j06.13.01scope: - version: -

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.23scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli system automation for integrated operations managementscope:neversion:2.1.1.4

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.3.9.3

Trust: 0.3

vendor:ibmmodel:tivoli business service managerscope:eqversion:4.2

Trust: 0.3

vendor:sunmodel:jdk 1.5.0 11-b03scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2.3

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.02scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:meeting exchange streaming serverscope:eqversion:-6.0

Trust: 0.3

vendor:avayamodel:call management system rscope:eqversion:16

Trust: 0.3

vendor:ibmmodel:java sdk sr2scope:eqversion:7

Trust: 0.3

vendor:ibmmodel:java se sr13-fp10scope:eqversion:1.4.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.2

Trust: 0.3

vendor:ibmmodel:tivoli system automation for multiplatformsscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2.5

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:ibmmodel:tivoli system automation application managerscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.3

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.3

vendor:hpmodel:servicecenter web tierscope:eqversion:6.2.8

Trust: 0.3

vendor:hpmodel:nonstop server h06.22.01scope: - version: -

Trust: 0.3

vendor:ibmmodel:java se sr13-fp15scope:neversion:1.4.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.3

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.2

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.3

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.4

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:java sdk sr13-fp15scope:neversion:1.4.2

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:meeting exchange recording serverscope:eqversion:-6.0

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:ibmmodel:java se sr13scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.2.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.2.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.03scope: - version: -

Trust: 0.3

vendor:mercurymodel:interactive service manager web tierscope:eqversion:9.31

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:7.0.0.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2.1

Trust: 0.3

vendor:ibmmodel:maximo asset managementscope:eqversion:7.1

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.2

Trust: 0.3

vendor:ibmmodel:maximo asset management essentialsscope:eqversion:7.5

Trust: 0.3

vendor:ibmmodel:java se sr13-fp11scope:eqversion:1.4.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1.1

Trust: 0.3

vendor:ibmmodel:java sdk sr13 fp13scope:eqversion:1.4.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.11.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.15scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli business service managerscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura experience portal sp2scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.02scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli business service managerscope:eqversion:4.2.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.00scope: - version: -

Trust: 0.3

vendor:avayamodel:aura presence services sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura presence services sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli system automation application managerscope:eqversion:3.2.1

Trust: 0.3

vendor:ibmmodel:websphere operational decision managementscope:eqversion:8.0.1

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5.4

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.02scope: - version: -

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:jre 07scope:eqversion:1.5

Trust: 0.3

vendor:hpmodel:nonstop server j06.07.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.5

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:nonstop server h06.19.01scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:eqversion:7.2.13

Trust: 0.3

vendor:sunmodel:jdk 0 09scope:eqversion:1.5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.5

Trust: 0.3

vendor:sunmodel:jre 1.5.0 08scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.1.4

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0.2.2

Trust: 0.3

vendor:avayamodel:conferencing standard edition sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.2

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0.1

Trust: 0.3

vendor:ibmmodel:tivoli system automation for multiplatformsscope:eqversion:3.2

Trust: 0.3

vendor:hpmodel:nonstop server j06.11.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.26.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1 ltssscope:eqversion:11

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.1

Trust: 0.3

vendor:avayamodel:messaging application serverscope:eqversion:5.2.1

Trust: 0.3

vendor:susemodel:linux enterprise java sp2scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.1.2

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.01scope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere cast iron cloud integration studioscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:aura conferencing sp1 standardscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.1.3

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:hpmodel:nonstop server j06.04.00scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5.0.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:cognos expressscope:eqversion:10.2.1

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:cognos expressscope:eqversion:9.5

Trust: 0.3

vendor:hpmodel:nonstop server h06.21.00scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.5

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.2.1.0.9

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53003.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.06.03scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:8.0.2.4

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.01scope: - version: -

Trust: 0.3

vendor:sunmodel:jdk 1.5.0 07-b03scope: - version: -

Trust: 0.3

vendor:ibmmodel:lotus notesscope:eqversion:9.0

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:java sdk sr16scope:neversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura experience portalscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:lotus dominoscope:eqversion:8.5.1

Trust: 0.3

vendor:avayamodel:aura experience portal sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.5

Trust: 0.3

vendor:ibmmodel:cognos expressscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.3

Trust: 0.3

vendor:avayamodel:cms r16scope: - version: -

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura system manager sp3scope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:eqversion:7.2

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:sunmodel:jdk 1.6.0 01-b06scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:avayamodel:aura conferencingscope:eqversion:7.0

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:aura system platform sp1scope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:conferencing standard editionscope:neversion:7.0

Trust: 0.3

vendor:avayamodel:meeting exchange webportalscope:eqversion:-6.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.00scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli system automation application managerscope:eqversion:3.2.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:websphere message brokerscope:eqversion:8.0.0.2

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.03scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:5.1

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node supplementaryscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ibmmodel:maximo asset managementscope:eqversion:6.2

Trust: 0.3

vendor:hpmodel:nonstop server h06.16.02scope: - version: -

Trust: 0.3

vendor:sunmodel:jdk 1.5.0.0 03scope: - version: -

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.4

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1.0.9.8

Trust: 0.3

vendor:sunmodel:jre 03scope:eqversion:1.4.2

Trust: 0.3

vendor:ibmmodel:tivoli business service managerscope:eqversion:6.1

Trust: 0.3

vendor:hpmodel:nonstop server j06.05.00scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.3

Trust: 0.3

vendor:susemodel:linux enterprise java sp4scope:eqversion:10

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.3

Trust: 0.3

vendor:ibmmodel:rational host on-demandscope:eqversion:11.0

Trust: 0.3

vendor:ibmmodel:java se sr12scope:eqversion:6

Trust: 0.3

vendor:hpmodel:nonstop server h06.20.02scope: - version: -

Trust: 0.3

vendor:hpmodel:service manager p2scope:neversion:9.31.2004

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.11

Trust: 0.3

vendor:sunmodel:jdk 0 03scope:eqversion:1.5

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:eqversion:7.2.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.5

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.09.02scope: - version: -

Trust: 0.3

vendor:s u s emodel:corescope:eqversion:9

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0.1

Trust: 0.3

vendor:ibmmodel:tivoli netcool/omnibusscope:eqversion:7.4

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:ibmmodel:tivoli application dependency discovery managerscope:eqversion:7.2.12

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.02scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server j06.08.03scope: - version: -

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:nonstop server j06.10.01scope: - version: -

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:hpmodel:nonstop server h06.25.01scope: - version: -

Trust: 0.3

vendor:hpmodel:nonstop server h06.18.01scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.1

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.5

Trust: 0.3

vendor:hpmodel:nonstop server h06.27scope: - version: -

Trust: 0.3

vendor:ibmmodel:tivoli system automation for multiplatformsscope:eqversion:3.2.1

Trust: 0.3

vendor:hpmodel:nonstop server h06.17.00scope: - version: -

Trust: 0.3

vendor:hpmodel:service managerscope:eqversion:9.30

Trust: 0.3

vendor:hpmodel:nonstop server j06.14.02scope: - version: -

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:java se sr16scope:neversion:5.0

Trust: 0.3

sources: CERT/CC: VU#858729 // ZDI: ZDI-13-022 // BID: 57691 // JVNDB: JVNDB-2013-001362 // NVD: CVE-2013-1480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1480
value: HIGH

Trust: 1.0

NVD: CVE-2013-1480
value: HIGH

Trust: 0.8

ZDI: CVE-2013-1480
value: HIGH

Trust: 0.7

VULMON: CVE-2013-1480
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1480
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: CVE-2013-1480
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

sources: ZDI: ZDI-13-022 // VULMON: CVE-2013-1480 // JVNDB: JVNDB-2013-001362 // NVD: CVE-2013-1480

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-1480

THREAT TYPE

network

Trust: 0.3

sources: BID: 57691

TYPE

Unknown

Trust: 0.3

sources: BID: 57691

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001362

PATCH

title:Oracle Java SE Critical Patch Update Advisory - February 2013url:http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Trust: 1.5

title:HT5647url:http://support.apple.com/kb/HT5647

Trust: 0.8

title:HT5666url:http://support.apple.com/kb/HT5666

Trust: 0.8

title:HT5666url:http://support.apple.com/kb/HT5666?viewlocale=ja_JP

Trust: 0.8

title:HS13-004url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-004/index.html

Trust: 0.8

title:HPSBUX02864 SSRT101156url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03725347

Trust: 0.8

title:HPSBUX02857 SSRT101103url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03714148

Trust: 0.8

title:HPSBMU02874 SSRT101184url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03748879

Trust: 0.8

title:release/icedtea6-1.11url:http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

Trust: 0.8

title:release/icedtea7-forest-2.3/jdkurl:http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f

Trust: 0.8

title:openSUSE-SU-2013:0377url:http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

Trust: 0.8

title:SUSE-SU-2013:0478url:http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

Trust: 0.8

title:Text Form of Oracle Java SE Critical Patch Update - February 2013 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html

Trust: 0.8

title:Bug 906904url:https://bugzilla.redhat.com/show_bug.cgi?id=906904

Trust: 0.8

title:RHSA-2013:0246url:http://rhn.redhat.com/errata/RHSA-2013-0246.html

Trust: 0.8

title:RHSA-2013:1455url:http://rhn.redhat.com/errata/RHSA-2013-1455.html

Trust: 0.8

title:RHSA-2013:0247url:http://rhn.redhat.com/errata/RHSA-2013-0247.html

Trust: 0.8

title:RHSA-2013:1456url:http://rhn.redhat.com/errata/RHSA-2013-1456.html

Trust: 0.8

title:RHSA-2013:0236url:http://rhn.redhat.com/errata/RHSA-2013-0236.html

Trust: 0.8

title:RHSA-2013:0237url:http://rhn.redhat.com/errata/RHSA-2013-0237.html

Trust: 0.8

title:RHSA-2013:0245url:http://rhn.redhat.com/errata/RHSA-2013-0245.html

Trust: 0.8

title:February 2013 Critical Patch Update for Java SE Releasedurl:https://blogs.oracle.com/security/entry/february_2013_critical_patch_update

Trust: 0.8

title:HS13-004url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-004/index.html

Trust: 0.8

title:セキュリティ情報:Oracle Corporation Javaプラグインの脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/oracle/20130204.html

Trust: 0.8

title:Red Hat: Important: java-1.6.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130246 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.5.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130624 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.6.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130245 - Security Advisory

Trust: 0.1

title:Red Hat: Important: java-1.7.0-openjdk security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130247 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.6.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130625 - Security Advisory

Trust: 0.1

title:Red Hat: Critical: java-1.7.0-ibm security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130626 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: openjdk-6, openjdk-7 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1724-1

Trust: 0.1

title:Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20131456 - Security Advisory

Trust: 0.1

title:Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20131455 - Security Advisory

Trust: 0.1

sources: ZDI: ZDI-13-022 // VULMON: CVE-2013-1480 // JVNDB: JVNDB-2013-001362

EXTERNAL IDS

db:NVDid:CVE-2013-1480

Trust: 3.7

db:CERT/CCid:VU#858729

Trust: 3.0

db:USCERTid:TA13-032A

Trust: 1.9

db:BIDid:57691

Trust: 1.4

db:ZDIid:ZDI-13-022

Trust: 1.0

db:JVNDBid:JVNDB-2013-001362

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-1580

Trust: 0.7

db:ICS CERTid:ICSA-17-213-02

Trust: 0.3

db:VULMONid:CVE-2013-1480

Trust: 0.1

db:PACKETSTORMid:120166

Trust: 0.1

db:PACKETSTORMid:120739

Trust: 0.1

db:PACKETSTORMid:120334

Trust: 0.1

db:PACKETSTORMid:120735

Trust: 0.1

db:PACKETSTORMid:120165

Trust: 0.1

db:PACKETSTORMid:120030

Trust: 0.1

db:ZDIid:ZDI-11-306

Trust: 0.1

db:PACKETSTORMid:120050

Trust: 0.1

db:SECUNIAid:52064

Trust: 0.1

db:PACKETSTORMid:120009

Trust: 0.1

db:PACKETSTORMid:120031

Trust: 0.1

sources: CERT/CC: VU#858729 // ZDI: ZDI-13-022 // VULMON: CVE-2013-1480 // BID: 57691 // JVNDB: JVNDB-2013-001362 // PACKETSTORM: 120166 // PACKETSTORM: 120739 // PACKETSTORM: 120334 // PACKETSTORM: 120735 // PACKETSTORM: 120165 // PACKETSTORM: 120030 // PACKETSTORM: 120050 // PACKETSTORM: 120009 // PACKETSTORM: 120031 // NVD: CVE-2013-1480

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Trust: 3.3

url:http://www.kb.cert.org/vuls/id/858729

Trust: 2.3

url:http://www.us-cert.gov/cas/techalerts/ta13-032a.html

Trust: 1.9

url:https://wiki.mageia.org/en/support/advisories/mgasa-2013-0056

Trust: 1.9

url:http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/news

Trust: 1.3

url:http://rhn.redhat.com/errata/rhsa-2013-0237.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-0236.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-0245.html

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-0246.html

Trust: 1.2

url:http://www.securityfocus.com/bid/57691

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2013-0247.html

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=906904

Trust: 1.1

url:http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=136439120408139&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=136570436423916&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=136733161405818&w=2

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1455.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2013-1456.html

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2013:095

Trust: 1.1

url:http://security.gentoo.org/glsa/glsa-201406-32.xml

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19504

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19351

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18845

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16045

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/javacpufeb2013verbose-1841196.html

Trust: 0.9

url:http://taosecurity.blogspot.com/2012/11/do-devs-care-about-java-insecurity.html?showcomment=1353874245992#c4794680666510382012

Trust: 0.8

url:http://codeascraft.etsy.com/2013/03/18/java-not-even-once/

Trust: 0.8

url:http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1480

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20130204-jre.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2013/at130007.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnta13-032a/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1480

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-0428

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0442

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0441

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0426

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0440

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0443

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0425

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2013-0445

Trust: 0.7

url:https://downloads.avaya.com/css/p8/documents/100170924

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0440.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-1476.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0427.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0433.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0445.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0432.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0428.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-1480.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0425.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0442.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0433

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0450.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0435

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0424.html

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/knowledge/articles/11258

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0434

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0443.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0432

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-1478.html

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0435.html

Trust: 0.6

url:https://access.redhat.com/security/team/key/#package

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0434.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0427

Trust: 0.6

url:http://bugzilla.redhat.com/):

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0441.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-0424

Trust: 0.6

url:https://www.redhat.com/security/data/cve/cve-2013-0426.html

Trust: 0.6

url:http://www.ibm.com/developerworks/java/jdk/alerts/

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0429

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0450

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-1478

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-3342

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0446

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0351

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0409

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0419

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-1541

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2012-3213

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2013-0423

Trust: 0.5

url:https://www.redhat.com/security/data/cve/cve-2013-1475.html

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-1475

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0429.html

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-1480

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-1476

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2012-3213.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0446.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2012-3342.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0419.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0409.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2012-1541.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-1473.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0423.html

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2013-0438

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0438.html

Trust: 0.4

url:https://www.redhat.com/security/data/cve/cve-2013-0351.html

Trust: 0.4

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03748879

Trust: 0.3

url:http://www.oracle.com/technetwork/java/index.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24033920

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24033922

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24031555

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24034621

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24034690

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24034225

Trust: 0.3

url:http://support.apple.com/kb/ht5666

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-213-02

Trust: 0.3

url:http://prod.lists.apple.com/archives/security-announce/2013/feb/msg00000.html

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100171276

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037193

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21650623

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03748879

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?docid=emr_na-c03909126-1

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03714148

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24034507

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21634069

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635160

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21650822

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100169783

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21667626

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633170

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21645096

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21645100

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21643544

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21644918

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21635864

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21643697

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21642358

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21628927

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21649318

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21628250

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633669

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21633674

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-13-022/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0444

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0430

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0437

Trust: 0.3

url:https://www.redhat.com/security/data/cve/cve-2013-1493.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1481.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-1473

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1486.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0809.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-1487.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0431.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0437.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0444.html

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2013-0431

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0449.html

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2013-0430.html

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2013:0246

Trust: 0.1

url:https://usn.ubuntu.com/1724-1/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-0625.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0809

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1481

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1724-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.1-2ubuntu0.12.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0448

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.1-2ubuntu0.10.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.1-2ubuntu0.11.10.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/openjdk-7/7u13-2.3.6-0ubuntu0.12.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0449

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2013-0626.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0422

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0422.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1484.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-3174.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1485.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3174

Trust: 0.1

url:http://www.infoworld.com/d/application-development/oracle-making-embedded-java-push-203168

Trust: 0.1

url:http://www.w3.org/tr/html401/struct/objects.html#h-13.4

Trust: 0.1

url:https://blogs.oracle.com/security/entry/february_2013_critical_patch_update

Trust: 0.1

url:http://www.security-explorations.com

Trust: 0.1

url:http://www.oracle.com/us/technologies/java/embedded/standard-edition/overview/index.html

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-306/

Trust: 0.1

url:http://www.security-explorations.com/en/se-2012-01-details.html

Trust: 0.1

url:http://secunia.com/advisories/52064/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=52064

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/52064/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1489.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0448.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-1479.html

Trust: 0.1

sources: CERT/CC: VU#858729 // ZDI: ZDI-13-022 // VULMON: CVE-2013-1480 // BID: 57691 // JVNDB: JVNDB-2013-001362 // PACKETSTORM: 120166 // PACKETSTORM: 120739 // PACKETSTORM: 120334 // PACKETSTORM: 120735 // PACKETSTORM: 120165 // PACKETSTORM: 120030 // PACKETSTORM: 120050 // PACKETSTORM: 120009 // PACKETSTORM: 120031 // NVD: CVE-2013-1480

CREDITS

Chris Ries

Trust: 1.0

sources: ZDI: ZDI-13-022 // BID: 57691

SOURCES

db:CERT/CCid:VU#858729
db:ZDIid:ZDI-13-022
db:VULMONid:CVE-2013-1480
db:BIDid:57691
db:JVNDBid:JVNDB-2013-001362
db:PACKETSTORMid:120166
db:PACKETSTORMid:120739
db:PACKETSTORMid:120334
db:PACKETSTORMid:120735
db:PACKETSTORMid:120165
db:PACKETSTORMid:120030
db:PACKETSTORMid:120050
db:PACKETSTORMid:120009
db:PACKETSTORMid:120031
db:NVDid:CVE-2013-1480

LAST UPDATE DATE

2024-11-08T21:55:30.688000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#858729date:2013-06-14T00:00:00
db:ZDIid:ZDI-13-022date:2013-02-11T00:00:00
db:VULMONid:CVE-2013-1480date:2017-09-19T00:00:00
db:BIDid:57691date:2017-08-11T18:10:00
db:JVNDBid:JVNDB-2013-001362date:2015-03-18T00:00:00
db:NVDid:CVE-2013-1480date:2022-05-13T14:52:53.790

SOURCES RELEASE DATE

db:CERT/CCid:VU#858729date:2013-02-01T00:00:00
db:ZDIid:ZDI-13-022date:2013-02-11T00:00:00
db:VULMONid:CVE-2013-1480date:2013-02-02T00:00:00
db:BIDid:57691date:2013-02-01T00:00:00
db:JVNDBid:JVNDB-2013-001362date:2013-02-05T00:00:00
db:PACKETSTORMid:120166date:2013-02-09T03:17:18
db:PACKETSTORMid:120739date:2013-03-11T22:52:28
db:PACKETSTORMid:120334date:2013-02-15T05:00:41
db:PACKETSTORMid:120735date:2013-03-11T22:51:48
db:PACKETSTORMid:120165date:2013-02-09T03:12:18
db:PACKETSTORMid:120030date:2013-02-05T01:09:08
db:PACKETSTORMid:120050date:2013-02-05T03:02:48
db:PACKETSTORMid:120009date:2013-02-04T10:48:27
db:PACKETSTORMid:120031date:2013-02-05T01:09:24
db:NVDid:CVE-2013-1480date:2013-02-02T00:55:02.927