Low: Red Hat Network Satellite server IBM Java Runtime security update

Related Vulnerabilities: CVE-2011-0865   CVE-2011-0862   CVE-2011-0867   CVE-2011-0869   CVE-2011-0868   CVE-2011-0871   CVE-2011-0873   CVE-2011-0863   CVE-2011-0802   CVE-2011-0814   CVE-2011-3389   CVE-2011-3560   CVE-2011-3547   CVE-2011-3551   CVE-2011-3552   CVE-2011-3544   CVE-2011-3521   CVE-2011-3554   CVE-2011-3556   CVE-2011-3557   CVE-2011-3548   CVE-2011-3553   CVE-2011-3545   CVE-2011-3549   CVE-2011-3550   CVE-2011-3516   CVE-2011-3546   CVE-2011-3561   CVE-2011-5035   CVE-2012-0501   CVE-2012-0503   CVE-2012-0507   CVE-2011-3563   CVE-2012-0502   CVE-2012-0505   CVE-2012-0506   CVE-2012-0497   CVE-2012-0498   CVE-2012-0499   CVE-2012-0500   CVE-2012-1717   CVE-2012-1716   CVE-2012-1713   CVE-2012-1719   CVE-2012-1718   CVE-2012-1725   CVE-2012-1721   CVE-2012-1722   CVE-2012-0551   CVE-2012-1682   CVE-2012-0547   CVE-2013-0440   CVE-2012-3216   CVE-2012-5068   CVE-2012-5073   CVE-2012-5075   CVE-2012-5072   CVE-2012-5081   CVE-2012-5084   CVE-2012-5089   CVE-2012-5071   CVE-2012-5069   CVE-2012-5079   CVE-2012-1531   CVE-2012-1532   CVE-2012-1533   CVE-2012-3143   CVE-2012-3159   CVE-2012-5083   CVE-2012-4820   CVE-2012-4822   CVE-2012-4823   CVE-2013-0424   CVE-2013-0435   CVE-2013-1478   CVE-2013-0442   CVE-2013-0445   CVE-2013-1480   CVE-2013-0450   CVE-2012-1541   CVE-2013-0446   CVE-2012-3342   CVE-2013-0419   CVE-2013-0423   CVE-2013-0351   CVE-2013-1473   CVE-2013-0438   CVE-2013-0428   CVE-2013-0432   CVE-2012-3213   CVE-2013-1481   CVE-2013-0409   CVE-2013-0443   CVE-2013-0425   CVE-2013-0426   CVE-2013-0434   CVE-2013-0427   CVE-2013-0433   CVE-2013-1476   CVE-2013-0441   CVE-2013-0169   CVE-2013-1486   CVE-2013-1487   CVE-2013-0809   CVE-2013-1493   CVE-2013-0401   CVE-2013-1491   CVE-2013-1537   CVE-2013-2424   CVE-2013-2429   CVE-2013-2430   CVE-2013-2420   CVE-2013-2422   CVE-2013-1557   CVE-2013-2419   CVE-2013-2417   CVE-2013-2383   CVE-2013-2384   CVE-2013-1569   CVE-2013-1540   CVE-2013-1563   CVE-2013-2394   CVE-2013-2418
CVE-2013-2432   CVE-2013-2433   CVE-2013-2435   CVE-2013-2440   CVE-2013-1571   CVE-2013-2470   CVE-2013-2471   CVE-2013-2472   CVE-2013-2473   CVE-2013-2463   CVE-2013-2465   CVE-2013-2469   CVE-2013-2459   CVE-2013-2448   CVE-2013-2407   CVE-2013-2454   CVE-2013-2444   CVE-2013-2446   CVE-2013-2457   CVE-2013-2453   CVE-2013-2443   CVE-2013-2452   CVE-2013-2455   CVE-2013-2447   CVE-2013-2450   CVE-2013-2456   CVE-2013-2412   CVE-2013-2451   CVE-2013-1500   CVE-2013-2464   CVE-2013-2468   CVE-2013-2466   CVE-2013-3743   CVE-2013-2442   CVE-2013-2437

Synopsis

Low: Red Hat Network Satellite server IBM Java Runtime security update

Type/Severity

Security Advisory: Low

Topic

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server 5.4.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.4. In a typical operating environment these flaws pose a low security
risk, because the Satellite server does not use the runtime to execute
untrusted applets.

Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,
CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,
CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,
CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,
CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,
CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,
CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,
CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,
CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,
CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,
CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,
CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,
CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,
CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,
CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,
CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,
CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,
CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,
CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,
CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,
CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,
CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,
CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)

Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to
these updated packages, which contain the IBM Java SE 6 SR14 release. For
this update to take effect, Red Hat Network Satellite Server must be
restarted ("/usr/sbin/rhn-satellite restart"), as must every other running
instance of IBM Java: a JVM started before the update keeps the old runtime
loaded until it is restarted.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
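As an added example (not part of this advisory and not Red Hat's own tooling), the following POSIX shell script performs the two checks a practitioner wants after applying the update: that the JRE on the PATH really reports IBM Java 6 SR14 or later, and that no process still has the pre-update libjvm.so mapped (which is what "all running instances of IBM Java" means in practice, since a replaced shared object shows up as "(deleted)" in /proc/<pid>/maps until the process restarts). It assumes a RHEL host with /proc, rpm, ps and the rhn-satellite script named in the advisory; the banner and maps lines referred to in the comments are constructed samples modelled on IBM Java 6 output, not captured from a real system.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: post-update checks for the
# java-1.6.0-ibm package on a Satellite 5.4 host. Only the two helper functions
# are defined when this file is sourced; the live checks run with --check.

# Read a `java -version` banner on stdin and succeed only if it reports an IBM
# Java 6 service release at or above $1 (default 14, the level this update ships).
# IBM banners carry the level in the build string, e.g. "...(SR14)" or
# "...(SR16 FP1)" (constructed examples modelled on IBM's output format).
ibm_java_sr_ok() {
    required="${1:-14}"
    sr=$(sed -n 's/.*(SR\([0-9][0-9]*\)[^)]*).*/\1/p' | head -n 1)
    [ -n "$sr" ] || return 2          # no "(SRnn" at all: not an IBM banner
    [ "$sr" -ge "$required" ]
}

# Read one process's /proc/<pid>/maps on stdin and succeed if it still maps a
# libjvm.so whose on-disk file was replaced by the update ("(deleted)" suffix).
# Such a process is still executing the pre-update runtime and must be restarted.
stale_jvm_mapped() {
    grep -q 'libjvm\.so.*(deleted)'
}

if [ "${1:-}" = "--check" ]; then
    rpm -q java-1.6.0-ibm                      # installed package, for the record
    if java -version 2>&1 | ibm_java_sr_ok 14; then
        echo "java -version reports SR14 or later"
    else
        echo "java -version does not report SR14: update not installed or another JRE is first on PATH" >&2
    fi
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # stderr is silenced first so a process that exits mid-scan is skipped quietly
        if stale_jvm_mapped 2>/dev/null < "$maps"; then
            echo "pid $pid ($(ps -o comm= -p "$pid")) still maps the old libjvm.so; restart it"
        fi
    done
    # The advisory's required step; JVMs reported above that are not Satellite
    # services (e.g. an admin's own java process) must be restarted separately.
    /usr/sbin/rhn-satellite restart
fi
```

Run it as `sh check-ibm-java.sh --check` on the Satellite host after the packages are installed; a clean result is an SR14 banner and no "still maps the old libjvm.so" lines once rhn-satellite has been restarted.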

Affected Products

  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 6 s390x
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 x86_64
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 s390x
  • Red Hat Satellite with Embedded Oracle 5.4 for RHEL 5 i386

Fixes

  • BZ - 706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
  • BZ - 706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
  • BZ - 706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
  • BZ - 706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
  • BZ - 706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
  • BZ - 706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
  • BZ - 711675 - CVE-2011-0873 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (2D)
  • BZ - 711676 - CVE-2011-0863 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (Deployment)
  • BZ - 711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound)
  • BZ - 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
  • BZ - 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
  • BZ - 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
  • BZ - 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
  • BZ - 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
  • BZ - 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
  • BZ - 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
  • BZ - 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
  • BZ - 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
  • BZ - 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
  • BZ - 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
  • BZ - 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
  • BZ - 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
  • BZ - 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
  • BZ - 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
  • BZ - 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
  • BZ - 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
  • BZ - 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
  • BZ - 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)
  • BZ - 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
  • BZ - 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
  • BZ - 788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
  • BZ - 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
  • BZ - 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
  • BZ - 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
  • BZ - 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
  • BZ - 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
  • BZ - 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
  • BZ - 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
  • BZ - 790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)
  • BZ - 829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
  • BZ - 829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
  • BZ - 829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
  • BZ - 829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
  • BZ - 829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
  • BZ - 829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
  • BZ - 831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
  • BZ - 831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
  • BZ - 831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
  • BZ - 853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
  • BZ - 853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
  • BZ - 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
  • BZ - 865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
  • BZ - 865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
  • BZ - 865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
  • BZ - 865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
  • BZ - 865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
  • BZ - 865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
  • BZ - 865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
  • BZ - 865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
  • BZ - 865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
  • BZ - 865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
  • BZ - 865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
  • BZ - 867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
  • BZ - 867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
  • BZ - 867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
  • BZ - 867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
  • BZ - 867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
  • BZ - 867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
  • BZ - 876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
  • BZ - 876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution
  • BZ - 876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoader defineClass() code execution
  • BZ - 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
  • BZ - 906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
  • BZ - 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
  • BZ - 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
  • BZ - 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
  • BZ - 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
  • BZ - 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
  • BZ - 906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
  • BZ - 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
  • BZ - 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access permission checks (AWT, 7186952)
  • BZ - 907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
  • BZ - 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
  • BZ - 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
  • BZ - 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
  • BZ - 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
  • BZ - 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
  • BZ - 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
  • BZ - 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
  • BZ - 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
  • BZ - 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
  • BZ - 907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
  • BZ - 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
  • BZ - 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
  • BZ - 913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
  • BZ - 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
  • BZ - 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)
  • BZ - 920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
  • BZ - 920248 - CVE-2013-1491 Oracle JDK: unspecified sandbox bypass (CanSecWest 2013, 2D)
  • BZ - 952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
  • BZ - 952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
  • BZ - 952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
  • BZ - 952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
  • BZ - 952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
  • BZ - 952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
  • BZ - 952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
  • BZ - 952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
  • BZ - 952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
  • BZ - 952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
  • BZ - 952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
  • BZ - 952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
  • BZ - 953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
  • BZ - 953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)
  • BZ - 953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
  • BZ - 953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
  • BZ - 953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
  • BZ - 953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
  • BZ - 953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
  • BZ - 953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
  • BZ - 973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
  • BZ - 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
  • BZ - 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
  • BZ - 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
  • BZ - 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
  • BZ - 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
  • BZ - 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
  • BZ - 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
  • BZ - 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
  • BZ - 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
  • BZ - 975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
  • BZ - 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
  • BZ - 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
  • BZ - 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
  • BZ - 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
  • BZ - 975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
  • BZ - 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
  • BZ - 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
  • BZ - 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
  • BZ - 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
  • BZ - 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
  • BZ - 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
  • BZ - 975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
  • BZ - 975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
  • BZ - 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
  • BZ - 975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
  • BZ - 975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
  • BZ - 975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
  • BZ - 975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)
  • BZ - 975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
  • BZ - 975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
