Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.

Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)

Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4.

The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets.

Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507, CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169, CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)

Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR14 release. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.

The remote host is affected by the vulnerability described in GLSA-201401-30 (Oracle JRE/JDK: Multiple vulnerabilities)

    Multiple vulnerabilities have been reported in the Oracle Java       implementation. Please review the CVE identifiers referenced below for       details.
  Impact :

    An unauthenticated, remote attacker could exploit these vulnerabilities       to execute arbitrary code.
      Furthermore, a local or remote attacker could exploit these       vulnerabilities to cause unspecified impact, possibly including remote       execution of arbitrary code.
  Workaround :

    There is no known workaround at this time.

The remote host has a version of IBM Domino (formerly Lotus Domino) 9.x prior to 9.0.1 installed. It is, therefore, reportedly affected by the following vulnerabilities :

  - The included version of the IBM Java SDK contains a     version of IBM JRE that contains numerous security     issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,     CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,     CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,     CVE-2013-3011, CVE-2013-3012)

  - An input validation error exists related to handling     content in email messages that could allow cross-site     scripting attacks. (CVE-2013-4063)

  - An input validation error exists related to iNotes when     running in 'ultra-light' mode that could allow cross-     site scripting attacks. (CVE-2013-4064)

  - An input validation error exists related to handling     content in email messages and iNotes when running in     'ultra-light' mode that could allow cross-site     scripting attacks. (CVE-2013-4065)

  - Note that fixes in the Oracle Java CPUs for February,     April and June 2013 are included in the fixed IBM Java     release, which is included in the fixed IBM Domino     release. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,     CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,     CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,     CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,     CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,     CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,     CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,     CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,     CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,     CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,     CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,     CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,     CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,     CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,     CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,     CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,     CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,     CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,     CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,     CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,     CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,     CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,     CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,     CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,     CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,     CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,     CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,     CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,     CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,     CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,     CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,     CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,     CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,     CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,     CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,     CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,     CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,     CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,     CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,     CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)

According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) on the remote host is 9.x earlier than 9.0.1.  It is, therefore, affected by the following vulnerabilities :

  - The included version of the IBM Java SDK contains a     version of IBM JRE that contains numerous security     issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,     CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,     CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,     CVE-2013-3011, CVE-2013-3012)

  - An input validation error exists related to handling     content in email messages that could allow cross-site     scripting attacks. (CVE-2013-4063)

  - An input validation error exists related to iNotes when     running in 'ultra-light' mode that could allow cross-     site scripting attacks. (CVE-2013-4064)

  - An input validation error exists related to handling     content in email messages and iNotes when running in     'ultra-light' mode that could allow cross-site     scripting attacks. (CVE-2013-4065)

  - Note that fixes in the Oracle Java CPUs for February,     April and June 2013 are included in the fixed IBM Java     release, which is included in the fixed IBM Domino     release. (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,     CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,     CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,     CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,     CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,     CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,     CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,     CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,     CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,     CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,     CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,     CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,     CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,     CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,     CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,     CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,     CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,     CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,     CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,     CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,     CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,     CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,     CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,     CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,     CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,     CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,     CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,     CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,     CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,     CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,     CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,     CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,     CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,     CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,     CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,     CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,     CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,     CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,     CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,     CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)

The remote host has a version of IBM Notes (formerly Lotus Notes) 8.5.x prior to 8.5.3 Fix Pack 5 installed.  It is, therefore, reportedly affected by the following vulnerabilities :

  - The included version of the IBM Java SDK contains a     version of the IBM JRE that contains numerous security     issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,     CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,     CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,     CVE-2013-3011, CVE-2013-3012)

  - Note also that fixes in the Oracle Java CPUs for     February, April and June 2013 are included in the     fixed IBM Java release, which is included in the     fixed IBM Notes release.
    (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,     CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,     CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,     CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,     CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,     CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,     CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,     CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,     CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,     CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,     CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,     CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,     CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,     CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,     CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,     CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,     CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,     CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,     CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,     CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,     CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,     CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,     CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,     CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,     CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,     CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,     CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,     CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,     CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,     CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,     CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,     CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,     CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,     CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,     CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,     CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,     CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,     CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,     CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,     CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)

The remote host has a version of IBM Domino (formerly Lotus Domino) 8.5.x prior to 8.5.3 Fix Pack 5 installed.  It is, therefore, reportedly affected by the following vulnerabilities :

  - The included version of the IBM Java SDK contains a     version of the IBM JRE that contains numerous security     issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,     CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,     CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,     CVE-2013-3011, CVE-2013-3012)

  - Note also that fixes in the Oracle Java CPUs for     February, April and June 2013 are included in the     fixed IBM Java release, which is itself included     in the fixed IBM Domino release.
    (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,     CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,     CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,     CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,     CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,     CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,     CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,     CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,     CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,     CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,     CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,     CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,     CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,     CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,     CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,     CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,     CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,     CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,     CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,     CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,     CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,     CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,     CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,     CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,     CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,     CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,     CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,     CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,     CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,     CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,     CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,     CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,     CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,     CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,     CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,     CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,     CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,     CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,     CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,     CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)

According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) on the remote host is 8.5.x earlier than 8.5.3 FP5.
It is, therefore, affected by the following vulnerabilities :

  - The included version of the IBM Java SDK contains a     version of the IBM JRE that contains numerous security     issues. (CVE-2013-0809, CVE-2013-1493, CVE-2013-2436,     CVE-2013-2455, CVE-2013-3006, CVE-2013-3007,     CVE-2013-3008, CVE-2013-3009, CVE-2013-3010,     CVE-2013-3011, CVE-2013-3012)

  - Note also that fixes in the Oracle Java CPUs for     February, April and June 2013 are included in the     fixed IBM Java release, which is included in the     fixed IBM Domino release.
    (CVE-2012-1541, CVE-2012-3213, CVE-2012-3342,     CVE-2013-0351, CVE-2013-0401, CVE-2013-0402,     CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,     CVE-2013-0424, CVE-2013-0425, CVE-2013-0426,     CVE-2013-0427, CVE-2013-0428, CVE-2013-0429,     CVE-2013-0430, CVE-2013-0431, CVE-2013-0432,     CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,     CVE-2013-0437, CVE-2013-0438, CVE-2013-0440,     CVE-2013-0441, CVE-2013-0442, CVE-2013-0443,     CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,     CVE-2013-0448, CVE-2013-0449, CVE-2013-0450,     CVE-2013-1473, CVE-2013-1475, CVE-2013-1476,     CVE-2013-1478, CVE-2013-1479, CVE-2013-1480,     CVE-2013-1481, CVE-2013-1488, CVE-2013-1489,     CVE-2013-1491, CVE-2013-1500, CVE-2013-1518,     CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,     CVE-2013-1558, CVE-2013-1561, CVE-2013-1563,     CVE-2013-1564, CVE-2013-1569, CVE-2013-1571,     CVE-2013-2383, CVE-2013-2384, CVE-2013-2394,     CVE-2013-2400, CVE-2013-2407, CVE-2013-2412,     CVE-2013-2414, CVE-2013-2415, CVE-2013-2416,     CVE-2013-2417, CVE-2013-2418, CVE-2013-2419,     CVE-2013-2420, CVE-2013-2421, CVE-2013-2422,     CVE-2013-2423, CVE-2013-2424, CVE-2013-2425,     CVE-2013-2426, CVE-2013-2427, CVE-2013-2428,     CVE-2013-2429, CVE-2013-2430, CVE-2013-2431,     CVE-2013-2432, CVE-2013-2433, CVE-2013-2434,     CVE-2013-2435, CVE-2013-2437, CVE-2013-2438,     CVE-2013-2439, CVE-2013-2440, CVE-2013-2442,     CVE-2013-2443, CVE-2013-2444, CVE-2013-2445,     CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,     CVE-2013-2449, CVE-2013-2450, CVE-2013-2451,     CVE-2013-2452, CVE-2013-2453, CVE-2013-2454,     CVE-2013-2456, CVE-2013-2457, CVE-2013-2458,     CVE-2013-2459, CVE-2013-2460, CVE-2013-2461,     CVE-2013-2462, CVE-2013-2463, CVE-2013-2464,     CVE-2013-2465, CVE-2013-2466, CVE-2013-2467,     CVE-2013-2468, CVE-2013-2469, CVE-2013-2470,     CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,     CVE-2013-3743, CVE-2013-3744, CVE-2013-4002)

IBM Java 1.5.0 has been updated to SR13-FP2 which fixes several bugs and security issues.

For more details see :

http://www.ibm.com/developerworks/java/jdk/alerts/

IBM Java 1.7.0 has been updated to SR4-FP2 which fixes bugs and security issues.

http://www.ibm.com/developerworks/java/jdk/alerts/

IBM Java 1.6.0 has been updated to SR13-FP2 fixing bugs and security issues.

[http://www.ibm.com/developerworks/java/jdk/alerts/)(http://www.ibm.co m/developerworks/java/jdk/alerts/)

IBM Java 1.6.0 has been updated to SR13-FP2 which fixes bugs and security issues.

http://www.ibm.com/developerworks/java/jdk/alerts/

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0823 advisory.

    IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM     Java Software Development Kit.

    This update fixes several vulnerabilities in the IBM Java Runtime     Environment and the IBM Java Software Development Kit. Detailed     vulnerability descriptions are linked from the IBM Security alerts page,     listed in the References section. (CVE-2013-0169, CVE-2013-0401,     CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1563,     CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417,     CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,     CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,     CVE-2013-2440)

    All users of java-1.6.0-ibm are advised to upgrade to these updated     packages, containing the IBM Java SE 6 SR13-FP2 release. All running     instances of IBM Java must be restarted for the update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the References section. (CVE-2013-0169, CVE-2013-0401, CVE-2013-1488, CVE-2013-1491, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2440)

All users of java-1.7.0-ibm are advised to upgrade to these updated packages, containing the IBM Java SE 7 SR4-FP2 release. All running instances of IBM Java must be restarted for the update to take effect.

Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2013-0401, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424, CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2439, CVE-2013-2440)

All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 45. All running instances of Oracle Java must be restarted for the update to take effect.

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
(CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440)

All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 21 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than or equal to  7 Update 17, 6 Update 43 or 5 Update 41.  It is, therefore, potentially affected by security issues in the following components :

  - 2D
  - AWT
  - Beans
  - Deployment
  - HotSpot
  - ImageIO
  - Install
  - JavaFX
  - JAXP
  - JAX-WS
  - JMX
  - Libraries
  - Networking
  - RMI

ID	Name	Product	Family	Severity
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	critical
66857	SuSE 10 Security Update : Java 1.5.0 (ZYPP Patch Number 8593)	Nessus	SuSE Local Security Checks	critical
66855	SuSE 11.2 / 11.3 Security Update : IBM Java 1.7.0 / IBM Java (SAT Patch Numbers 7794 / 7921)	Nessus	SuSE Local Security Checks	critical
66618	SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8582)	Nessus	SuSE Local Security Checks	critical
66616	SuSE 11.2 / 11.3 Security Update : IBM Java (SAT Patch Numbers 7744 / 7920)	Nessus	SuSE Local Security Checks	critical
66440	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0823)	Nessus	Red Hat Local Security Checks	critical
66439	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0822)	Nessus	Red Hat Local Security Checks	critical
66030	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0758)	Nessus	Red Hat Local Security Checks	critical
66029	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0757)	Nessus	Red Hat Local Security Checks	critical
65996	Oracle Java SE Multiple Vulnerabilities (April 2013 CPU) (Unix)	Nessus	Misc.	critical
65995	Oracle Java SE Multiple Vulnerabilities (April 2013 CPU)	Nessus	Windows	critical

Detections

Analytics

CVE-2013-2418

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical