Alpine: openjdk6: security update to 1.6.0-r9 (deprecated)

Critical | Tenable Self-Hosted Container Security | Plugin ID 401129

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE:
the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor
that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect
ByteBandedRaster size checks" in 2D. (CVE-2013-2473)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to
affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is
from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related
to weak permissions for shared memory. (CVE-2013-1500)

- Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45
and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote
attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is
from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related
to frame injection in HTML that is generated by Javadoc. (CVE-2013-1571)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality
and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June
2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML
security and the class loader." (CVE-2013-2407)

- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21
and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality
via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue is related to insufficient
indication of an SSL connection failure by JConsole, related to RMI connection dialog box. (CVE-2013-2412)

See Also

https://git.alpinelinux.org/aports/commit/?id=1f99ba57e5946f21d43f2d235856af8a174ccc74

https://git.alpinelinux.org/aports/commit/?id=505611158549487a4eab20798357158842284873

Plugin Details

Severity: Critical

ID: 401129

Version: Revision 1.27

Type: Local

Published: 8/16/2023

Updated: 11/12/2025

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2473

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2013-2465

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/16/2013

Vulnerability Publication Date: 6/18/2013

CISA Known Exploited Vulnerability Due Dates: 4/18/2022

Exploitable With

Core Impact

Metasploit (Java storeImageArray() Invalid Array Indexing Vulnerability)

Reference Information

CVE: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473

BID: 60617, 60618, 60619, 60620, 60623, 60625, 60627, 60629, 60632, 60633, 60634, 60638, 60639, 60640, 60641, 60644, 60645, 60646, 60647, 60651, 60653, 60655, 60656, 60657, 60658, 60659