Oracle Java SE Multiple Vulnerabilities (June 2013 CPU Update)

Critical Nessus Network Monitor Plugin ID 6877

Synopsis

The remote host contains a version of Oracle Java SE that is affected by multiple vulnerabilities.

Description

Java versions 7 Update 21 and earlier, 6 Update 45, or 5 Update 45 are potentially affected by security issues in the following components:

- 2D

- AWT

- CORBA

- Deployment

- Hotspot

- Install

- JDBC

- JMX

- Libraries

- Networking

- Serialization

- Serviceability

- Sound

Solution

Remove any affected versions and update to JDK / JRE versions 7 Update 25, 6 Update 51, 5 Update 51, or later.

See Also

http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html

http://lists.apple.com/archives/security-announce/2013/Jun/msg00002.html

http://www.securityfocus.com/archive/1/526907/30/0/threaded

Plugin Details

Severity: Critical

ID: 6877

File Name: 6877.prm

Family: Web Clients

Published: 2013/06/19

Modified: 2016/01/19

Dependencies: 1735, 8314

Nessus ID: 66929

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:java_se

Patch Publication Date: 2013/06/18

Vulnerability Publication Date: 2013/06/18

Exploitable With

Metasploit (Java storeImageArray() Invalid Array Indexing Vulnerability)

Reference Information

CVE: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743

BID: 60617, 60618, 60619, 60620, 60623, 60624, 60625, 60626, 60627, 60629, 60631, 60632, 60633, 60634, 60636, 60637, 60638, 60639, 60640, 60641, 60643, 60644, 60645, 60646, 60647, 60650, 60651, 60653, 60655, 60656, 60657, 60658, 60659