Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871057
Category:Red Hat Local Security Checks
Title:RedHat Update for java-1.7.0-openjdk RHSA-2013:1451-01
Summary:The remote host is missing an update for the 'java-1.7.0-openjdk'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'java-1.7.0-openjdk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple input checking flaws were found in the 2D component native image
parsing code. A specially crafted image file could trigger a Java Virtual
Machine memory corruption and, possibly, lead to arbitrary code execution
with the privileges of the user running the Java Virtual Machine.
(CVE-2013-5782)

The class loader did not properly check the package access for non-public
proxy classes. A remote attacker could possibly use this flaw to execute
arbitrary code with the privileges of the user running the Java Virtual
Machine. (CVE-2013-5830)

Multiple improper permission check issues were discovered in the 2D, CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,
CVE-2013-5838)

Multiple input checking flaws were discovered in the JPEG image reading and
writing code in the 2D component. An untrusted Java application or applet
could use these flaws to corrupt the Java Virtual Machine memory and bypass
Java sandbox restrictions. (CVE-2013-5809)

The FEATURE_SECURE_PROCESSING setting was not properly honored by the
javax.xml.transform package transformers. A remote attacker could use this
flaw to supply a crafted XML that would be processed without the intended
security restrictions. (CVE-2013-5802)

Multiple errors were discovered in the way the JAXP and Security components
processes XML inputs. A remote attacker could create a crafted XML that
would cause a Java application to use an excessive amount of CPU and memory
when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)

Multiple improper permission check issues were discovered in the Libraries,
Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,
CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,
CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)

It was discovered that the 2D component image library did not properly
check bounds when performing image conversions. An untrusted Java
application or applet could use this flaw to disclose portions of the Java
Virtual Machine memory. (CVE-2013-5778)

Multiple input sanitization flaws were disc ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
java-1.7.0-openjdk on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-3829
http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html
BugTraq ID: 63120
http://www.securityfocus.com/bid/63120
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02943
http://marc.info/?l=bugtraq&m=138674031212883&w=2
HPdes Security Advisory: HPSBUX02944
http://marc.info/?l=bugtraq&m=138674073720143&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19002
RedHat Security Advisories: RHSA-2013:1440
http://rhn.redhat.com/errata/RHSA-2013-1440.html
RedHat Security Advisories: RHSA-2013:1447
http://rhn.redhat.com/errata/RHSA-2013-1447.html
RedHat Security Advisories: RHSA-2013:1451
http://rhn.redhat.com/errata/RHSA-2013-1451.html
RedHat Security Advisories: RHSA-2013:1505
http://rhn.redhat.com/errata/RHSA-2013-1505.html
RedHat Security Advisories: RHSA-2013:1507
http://rhn.redhat.com/errata/RHSA-2013-1507.html
RedHat Security Advisories: RHSA-2013:1508
http://rhn.redhat.com/errata/RHSA-2013-1508.html
RedHat Security Advisories: RHSA-2013:1509
http://rhn.redhat.com/errata/RHSA-2013-1509.html
RedHat Security Advisories: RHSA-2013:1793
http://rhn.redhat.com/errata/RHSA-2013-1793.html
RedHat Security Advisories: RHSA-2014:0414
https://access.redhat.com/errata/RHSA-2014:0414
http://secunia.com/advisories/56338
SuSE Security Announcement: SUSE-SU-2013:1666 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00010.html
SuSE Security Announcement: SUSE-SU-2013:1677 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
SuSE Security Announcement: openSUSE-SU-2013:1663 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html
http://www.ubuntu.com/usn/USN-2033-1
http://www.ubuntu.com/usn/USN-2089-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4002
AIX APAR: IC98015
http://www-01.ibm.com/support/docview.wss?uid=swg1IC98015
BugTraq ID: 61310
http://www.securityfocus.com/bid/61310
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2013
https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E
RedHat Security Advisories: RHSA-2013:1059
http://rhn.redhat.com/errata/RHSA-2013-1059.html
RedHat Security Advisories: RHSA-2013:1060
http://rhn.redhat.com/errata/RHSA-2013-1060.html
RedHat Security Advisories: RHSA-2013:1081
http://rhn.redhat.com/errata/RHSA-2013-1081.html
RedHat Security Advisories: RHSA-2014:1818
http://rhn.redhat.com/errata/RHSA-2014-1818.html
RedHat Security Advisories: RHSA-2014:1821
http://rhn.redhat.com/errata/RHSA-2014-1821.html
RedHat Security Advisories: RHSA-2014:1822
http://rhn.redhat.com/errata/RHSA-2014-1822.html
RedHat Security Advisories: RHSA-2014:1823
http://rhn.redhat.com/errata/RHSA-2014-1823.html
RedHat Security Advisories: RHSA-2015:0675
http://rhn.redhat.com/errata/RHSA-2015-0675.html
RedHat Security Advisories: RHSA-2015:0720
http://rhn.redhat.com/errata/RHSA-2015-0720.html
RedHat Security Advisories: RHSA-2015:0765
http://rhn.redhat.com/errata/RHSA-2015-0765.html
RedHat Security Advisories: RHSA-2015:0773
http://rhn.redhat.com/errata/RHSA-2015-0773.html
http://secunia.com/advisories/56257
SuSE Security Announcement: SUSE-SU-2013:1255 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
SuSE Security Announcement: SUSE-SU-2013:1256 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
SuSE Security Announcement: SUSE-SU-2013:1257 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
SuSE Security Announcement: SUSE-SU-2013:1263 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
SuSE Security Announcement: SUSE-SU-2013:1293 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
SuSE Security Announcement: SUSE-SU-2013:1305 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
XForce ISS Database: ibm-java-cve20134002-dos(85260)
https://exchange.xforce.ibmcloud.com/vulnerabilities/85260
Common Vulnerability Exposure (CVE) ID: CVE-2013-5772
BugTraq ID: 63089
http://www.securityfocus.com/bid/63089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19219
Common Vulnerability Exposure (CVE) ID: CVE-2013-5774
BugTraq ID: 63128
http://www.securityfocus.com/bid/63128
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19032
Common Vulnerability Exposure (CVE) ID: CVE-2013-5778
BugTraq ID: 63134
http://www.securityfocus.com/bid/63134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19020
Common Vulnerability Exposure (CVE) ID: CVE-2013-5780
BugTraq ID: 63115
http://www.securityfocus.com/bid/63115
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19101
Common Vulnerability Exposure (CVE) ID: CVE-2013-5782
BugTraq ID: 63103
http://www.securityfocus.com/bid/63103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18645
Common Vulnerability Exposure (CVE) ID: CVE-2013-5783
BugTraq ID: 63154
http://www.securityfocus.com/bid/63154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19088
Common Vulnerability Exposure (CVE) ID: CVE-2013-5784
BugTraq ID: 63098
http://www.securityfocus.com/bid/63098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19049
Common Vulnerability Exposure (CVE) ID: CVE-2013-5790
BugTraq ID: 63102
http://www.securityfocus.com/bid/63102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18733
Common Vulnerability Exposure (CVE) ID: CVE-2013-5797
BugTraq ID: 63095
http://www.securityfocus.com/bid/63095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18956
Common Vulnerability Exposure (CVE) ID: CVE-2013-5800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19093
Common Vulnerability Exposure (CVE) ID: CVE-2013-5802
BugTraq ID: 63135
http://www.securityfocus.com/bid/63135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19207
Common Vulnerability Exposure (CVE) ID: CVE-2013-5803
BugTraq ID: 63082
http://www.securityfocus.com/bid/63082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18874
Common Vulnerability Exposure (CVE) ID: CVE-2013-5804
BugTraq ID: 63149
http://www.securityfocus.com/bid/63149
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19188
Common Vulnerability Exposure (CVE) ID: CVE-2013-5809
BugTraq ID: 63118
http://www.securityfocus.com/bid/63118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18504
http://secunia.com/advisories/56249
Common Vulnerability Exposure (CVE) ID: CVE-2013-5814
BugTraq ID: 63143
http://www.securityfocus.com/bid/63143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19185
Common Vulnerability Exposure (CVE) ID: CVE-2013-5817
BugTraq ID: 63146
http://www.securityfocus.com/bid/63146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19024
Common Vulnerability Exposure (CVE) ID: CVE-2013-5820
BugTraq ID: 63133
http://www.securityfocus.com/bid/63133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19206
Common Vulnerability Exposure (CVE) ID: CVE-2013-5823
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18783
Common Vulnerability Exposure (CVE) ID: CVE-2013-5825
BugTraq ID: 63101
http://www.securityfocus.com/bid/63101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19046
Common Vulnerability Exposure (CVE) ID: CVE-2013-5829
BugTraq ID: 63137
http://www.securityfocus.com/bid/63137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19189
Common Vulnerability Exposure (CVE) ID: CVE-2013-5830
BugTraq ID: 63121
http://www.securityfocus.com/bid/63121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19096
Common Vulnerability Exposure (CVE) ID: CVE-2013-5838
BugTraq ID: 63131
http://www.securityfocus.com/bid/63131
http://osvdb.org/98536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19141
Common Vulnerability Exposure (CVE) ID: CVE-2013-5840
BugTraq ID: 63148
http://www.securityfocus.com/bid/63148
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18990
Common Vulnerability Exposure (CVE) ID: CVE-2013-5842
BugTraq ID: 63150
http://www.securityfocus.com/bid/63150
http://www.zerodayinitiative.com/advisories/ZDI-13-246/
http://osvdb.org/98532
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18436
Common Vulnerability Exposure (CVE) ID: CVE-2013-5849
BugTraq ID: 63106
http://www.securityfocus.com/bid/63106
http://osvdb.org/98564
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18971
XForce ISS Database: oracle-cpuoct2013-cve20135849(88003)
https://exchange.xforce.ibmcloud.com/vulnerabilities/88003
Common Vulnerability Exposure (CVE) ID: CVE-2013-5850
BugTraq ID: 63153
http://www.securityfocus.com/bid/63153
http://osvdb.org/98535
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19150
Common Vulnerability Exposure (CVE) ID: CVE-2013-5851
BugTraq ID: 63142
http://www.securityfocus.com/bid/63142
http://osvdb.org/98558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19061
XForce ISS Database: oracle-cpuoct2013-cve20135851(87997)
https://exchange.xforce.ibmcloud.com/vulnerabilities/87997
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.