Details of VAR-201304-0375

ID

VAR-201304-0375

CVE

CVE-2013-2420

TITLE

Oracle Java SE of Java Runtime Environment In 2D Processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002394

DESCRIPTION

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. This issue is not trusted Web Start Application, and untrusted Java It can only be exploited via an applet. ( Not trusted Web Start Application, and untrusted Java Applet has limited privileges Java Works in sandbox )Information is obtained by a third party, information is altered, or service operation is interrupted. (DoS) An attack may be carried out. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the sun.awt.image.ImageRepresentation.setICMpixels' native function. The issue lies in the handling of the scanlineStride argument, which is not properly validated before being used. By manipulating the function's arguments an attacker can force an integer overflow to occur before indexing into an array. An attacker can leverage this vulnerability to execute code under the context of the current process. This vulnerability affects the following supported versions: 7 Update 17 , 6 Update 43 , 5.0 Update 41. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-openjdk security update Advisory ID: RHSA-2013:0751-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0751.html Issue date: 2013-04-17 CVE Names: CVE-2013-0401 CVE-2013-1488 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 ===================================================================== 1. Summary: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 3. Description: These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384) Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518, CVE-2013-1557) The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. (CVE-2013-1537) Note: The fix for CVE-2013-1537 changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Refer to Red Hat Bugzilla bug 952387 for additional details. The 2D component did not properly process certain images. (CVE-2013-2420) It was discovered that the Hotspot component did not properly handle certain intrinsic frames, and did not correctly perform access checks and MethodHandle lookups. (CVE-2013-2431, CVE-2013-2421, CVE-2013-2423) It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO component did not protect against modification of their state while performing certain native code operations. (CVE-2013-2429, CVE-2013-2430) The JDBC driver manager could incorrectly call the toString() method in JDBC drivers, and the ConcurrentHashMap class could incorrectly call the defaultReadObject() method. (CVE-2013-1488, CVE-2013-2426) The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader. (CVE-2013-0401) Flaws were discovered in the Network component's InetAddress serialization, and the 2D component's font handling. (CVE-2013-2417, CVE-2013-2419) The MBeanInstantiator class implementation in the OpenJDK JMX component did not properly check class access before creating new instances. (CVE-2013-2424) It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS. (CVE-2013-2415) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.7.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 920245 - CVE-2013-0401 OpenJDK: unspecified sandbox bypass (CanSecWest 2013, AWT) 920247 - CVE-2013-1488 OpenJDK: unspecified sanbox bypass (CanSecWest 2013, Libraries) 952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040) 952389 - CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542) 952398 - CVE-2013-2423 OpenJDK: incorrect setter access checks in MethodHandles (Hostspot, 8009677) 952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435) 952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918) 952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667) 952550 - CVE-2013-2436 OpenJDK: Wrapper.convert insufficient type checks (Libraries, 8009049) 952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617) 952640 - CVE-2013-1558 OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507) 952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857) 952645 - CVE-2013-2431 OpenJDK: Hotspot intrinsic frames vulnerability (Hotspot, 8004336) 952646 - CVE-2013-1518 OpenJDK: JAXP missing security restrictions (JAXP, 6657673) 952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329) 952649 - CVE-2013-2421 OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699) 952653 - CVE-2013-2426 OpenJDK: ConcurrentHashMap incorrectly calls defaultReadObject() method (Libraries, 8009063) 952656 - CVE-2013-2419 OpenJDK: font processing errors (2D, 8001031) 952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724) 952708 - CVE-2013-2383 OpenJDK: font layout and glyph table errors (2D, 8004986) 952709 - CVE-2013-2384 OpenJDK: font layout and glyph table errors (2D, 8004987) 952711 - CVE-2013-1569 OpenJDK: font layout and glyph table errors (2D, 8004994) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm x86_64: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm i386: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.i686.rpm x86_64: java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4.src.rpm i386: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.i686.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.i686.rpm noarch: java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el6_4.noarch.rpm x86_64: java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-0401.html https://www.redhat.com/security/data/cve/CVE-2013-1488.html https://www.redhat.com/security/data/cve/CVE-2013-1518.html https://www.redhat.com/security/data/cve/CVE-2013-1537.html https://www.redhat.com/security/data/cve/CVE-2013-1557.html https://www.redhat.com/security/data/cve/CVE-2013-1558.html https://www.redhat.com/security/data/cve/CVE-2013-1569.html https://www.redhat.com/security/data/cve/CVE-2013-2383.html https://www.redhat.com/security/data/cve/CVE-2013-2384.html https://www.redhat.com/security/data/cve/CVE-2013-2415.html https://www.redhat.com/security/data/cve/CVE-2013-2417.html https://www.redhat.com/security/data/cve/CVE-2013-2419.html https://www.redhat.com/security/data/cve/CVE-2013-2420.html https://www.redhat.com/security/data/cve/CVE-2013-2421.html https://www.redhat.com/security/data/cve/CVE-2013-2422.html https://www.redhat.com/security/data/cve/CVE-2013-2423.html https://www.redhat.com/security/data/cve/CVE-2013-2424.html https://www.redhat.com/security/data/cve/CVE-2013-2426.html https://www.redhat.com/security/data/cve/CVE-2013-2429.html https://www.redhat.com/security/data/cve/CVE-2013-2430.html https://www.redhat.com/security/data/cve/CVE-2013-2431.html https://www.redhat.com/security/data/cve/CVE-2013-2436.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRbvIqXlSAg2UNWIIRAlJMAKCVluLVfsLBqDgkr0bQ5726zrS77gCfSYDg pRdwVdpsYUlytlzUe+jFDfI= =1mI7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-04-16-2 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later Impact: Multiple vulnerabilities in Java 1.6.0_43 Description: Multiple vulnerabilities existed in Java 1.6.0_43, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. These issues were addressed by updating to Java version 1.6.0_45. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2013-1491 CVE-2013-1537 CVE-2013-1540 CVE-2013-1557 CVE-2013-1558 CVE-2013-1563 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2394 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2422 CVE-2013-2424 CVE-2013-2429 CVE-2013-2430 CVE-2013-2432 CVE-2013-2435 CVE-2013-2437 CVE-2013-2440 Java for OS X 2013-003 and Mac OS X v10.6 Update 15 may be obtained from the Software Update pane in System Preferences, Mac App Store, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.Update15.dmg Its SHA-1 digest is: 56a950f7a89f2a1c39de01b2b1998986f132be57 For OS X Lion and Mountain Lion systems The download file is named: JavaForOSX2013-003.dmg Its SHA-1 digest is: 3393ff8642b6e29cacaf10fbb04f76e657cc313a Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRbatSAAoJEPefwLHPlZEwsl4P/ixeRjTgN3MFTNK4VTobV93j zbj99S53RY0R7vOd7lZe6QMnLjvAEC+wF5BEsWcLbI/+L1ewufE62TeC3K0v7QH6 GExzGa41GCfICF3cUSQNopXy3KvskLACpOmK3LKxUUtP2NL7+As3HpXyaU3pPvxk EQE/Af9p4IzPECvZzBe8KfJuQWeUWYiQhN+nH6ei4E2FS6vXaUlTpOn6sUVyeDfR JX3NFmbXuJB0RKQcKicGSx8x1lZTRFSVPbb6HPfcvHHnfUe2WqqA6SwUZavrtY6C jiSqAB5Vog8oTP4XZhgrxPlqohZqnYJ7Fnimrk+LeiPrJ2Is3W6TM9kEhU6vfgCm xIDC0GuZRToiWDzUQskeNitUDLGYz+32a/4ZyFLGtHZdiGhOgiuqGuYPnCdRvhGt 9kMgcOC5f/C1uBNAw8pCDfsqm00dmA6IV1QRHZLGKQhUsiu3PbhftB0EiUiEwlcX la5Xvp+3AkupO8Gc0JOnAvVgYy7s6IupHUzwsMD3vDEzaF1lrQ6+z6tjhibhc+mb y0VycheIUSUyNuLt6js06wyhK8VW5vkNFG+Ogj1xm/3Y2sSJQfxGsOMqRwrkBN7p EEKV7Nck9G/qsuKBzEZJ3CFDkF6RJezoYN8v3QG+sZLEt4WFVkmtG86NgEVPu6gp tyT4/+vnaqKDRbcwCKXy =bvDt -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-1819-1 May 07, 2013 openjdk-6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in OpenJDK 6. Software Description: - openjdk-6: Open Source Java implementation Details: Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. (CVE-2013-0401) James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. (CVE-2013-1488) Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. (CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436) Two vulnerabilities were discovered in the OpenJDK JRE related to confidentiality. An attacker could exploit these to expose sensitive data over the network. (CVE-2013-2415, CVE-2013-2424) Two vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. (CVE-2013-2417, CVE-2013-2419) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: icedtea-6-jre-cacao 6b27-1.12.5-0ubuntu0.12.04.1 icedtea-6-jre-jamvm 6b27-1.12.5-0ubuntu0.12.04.1 openjdk-6-jre 6b27-1.12.5-0ubuntu0.12.04.1 openjdk-6-jre-headless 6b27-1.12.5-0ubuntu0.12.04.1 openjdk-6-jre-lib 6b27-1.12.5-0ubuntu0.12.04.1 openjdk-6-jre-zero 6b27-1.12.5-0ubuntu0.12.04.1 Ubuntu 11.10: icedtea-6-jre-cacao 6b27-1.12.5-0ubuntu0.11.10.1 icedtea-6-jre-jamvm 6b27-1.12.5-0ubuntu0.11.10.1 openjdk-6-jre 6b27-1.12.5-0ubuntu0.11.10.1 openjdk-6-jre-headless 6b27-1.12.5-0ubuntu0.11.10.1 openjdk-6-jre-lib 6b27-1.12.5-0ubuntu0.11.10.1 openjdk-6-jre-zero 6b27-1.12.5-0ubuntu0.11.10.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b27-1.12.5-0ubuntu0.10.04.1 openjdk-6-jre 6b27-1.12.5-0ubuntu0.10.04.1 openjdk-6-jre-headless 6b27-1.12.5-0ubuntu0.10.04.1 openjdk-6-jre-lib 6b27-1.12.5-0ubuntu0.10.04.1 openjdk-6-jre-zero 6b27-1.12.5-0ubuntu0.10.04.1 This update uses a new upstream release, which includes additional bug fixes. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFRcSLkmqjQ0CJFipgRAsEgAJ4gHSUUcP7uDS3JIxzQZxnCLwXe1QCfTQXq o4NG1rmFdAUfR4q/O/aHdtM= =EXuM -----END PGP SIGNATURE-----

Trust: 3.33

sources: NVD: CVE-2013-2420 // JVNDB: JVNDB-2013-002394 // ZDI: ZDI-13-073 // BID: 59167 // VULMON: CVE-2013-2420 // PACKETSTORM: 121320 // PACKETSTORM: 121631 // PACKETSTORM: 121703 // PACKETSTORM: 121538 // PACKETSTORM: 121327 // PACKETSTORM: 121555 // PACKETSTORM: 121351 // PACKETSTORM: 121361

AFFECTED PRODUCTS

vendor:	sun	model:	jre	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	lte	version:	1.6.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	lte	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	sun	model:	jdk	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	lte	version:	1.5.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	lte	version:	1.7.0	Trust: 1.0
vendor:	sun	model:	jre	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	jdk	scope:	eq	version:	1.6.0	Trust: 1.0
vendor:	oracle	model:	jre	scope:	lte	version:	1.5.0	Trust: 1.0
vendor:	oracle	model:	jdk	scope:	lte	version:	1.6.0	Trust: 1.0
vendor:	sun	model:	jre 1.6.0 03	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 17	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 8	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 30	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 32	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.5.0 39	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 15	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 17	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 01	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 18	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 35	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 16	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 22	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 05	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 28	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 14	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jre	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 21	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 20	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 32	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 38	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 25	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 43	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 07	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 35	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 31	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 18	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 27	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 06	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 19	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 23	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 10	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 18	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 05	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 03	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 17	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 39	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 2	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 10	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 8	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 2	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 20	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 12	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 13	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 14	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 12	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 04	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jre 1.5.0 36	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 10	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 04	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 25	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 35	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.5.0 41	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 32	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.5.0 36	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.5.0 38	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 37	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 11	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 27	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.5.0 38	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 11	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 14	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 15	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 30	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 16	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 25	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 04	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 12	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 26	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 33	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 7	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jre	scope:	eq	version:	1.7	Trust: 0.9
vendor:	sun	model:	jre 03	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 02	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 23	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 01	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 4	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 28	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 9	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 06	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 19	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 9	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 13	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 38	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 15	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 22	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 07	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 11	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 20	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 43	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 29	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 28	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 23	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.5.0 39	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 11	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 35	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 17	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 23	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 14	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 13	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jdk 02	scope:	eq	version:	1.5	Trust: 0.9
vendor:	oracle	model:	jdk 1.7.0 7	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 32	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.6.0 02	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 27	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 13	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 10	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 28	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 05	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 4	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 01	scope:	eq	version:	1.5	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 26	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 30	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 33	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 26	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.6.0 21	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.6.0 24	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 25	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 06	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 27	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 22	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 11	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jdk 18	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 10	scope:	eq	version:	1.6	Trust: 0.9
vendor:	oracle	model:	jdk	scope:	eq	version:	1.7	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 26	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 22	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 24	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 29	scope:	-	version:	-	Trust: 0.9
vendor:	oracle	model:	jre 1.7.0 17	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 31	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 30	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 15	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 02	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jdk 13	scope:	eq	version:	1.6	Trust: 0.9
vendor:	sun	model:	jdk .0 05	scope:	eq	version:	1.5	Trust: 0.9
vendor:	oracle	model:	jdk 1.6.0 39	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 0 10	scope:	eq	version:	1.5	Trust: 0.9
vendor:	sun	model:	jre 1.5.0 13	scope:	-	version:	-	Trust: 0.9
vendor:	sun	model:	jdk 1.5.0 24	scope:	-	version:	-	Trust: 0.9
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.6.8	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.7 and later	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.8 and later	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.6.8	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.7 and later	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	5.0 update 41	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	6 update 43	Trust: 0.8
vendor:	oracle	model:	jdk	scope:	lte	version:	7 update 17	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	5.0 update 41	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	6 update 43	Trust: 0.8
vendor:	oracle	model:	jre	scope:	lte	version:	7 update 17	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	5.0 update 33	Trust: 0.8
vendor:	sun microsystems	model:	jdk	scope:	lte	version:	6 update 21	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	5.0 update 33	Trust: 0.8
vendor:	sun microsystems	model:	jre	scope:	lte	version:	6 update 21	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server enterprise	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server standard	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server version 5	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus client	scope:	eq	version:	version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer light version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer professional version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer standard version 6	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer version 5	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer's kit for java	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	hitachi	model:	cosminexus server - standard edition version 4	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus server - web edition version 4	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	- standard edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	- web edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	express	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	light	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	standard-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server smart edition	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server standard	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus client	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus client	scope:	eq	version:	for plug-in	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	01	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional for plug-in	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer light	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer standard	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus operator	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus primary server	scope:	eq	version:	base	Trust: 0.8
vendor:	hitachi	model:	ucosminexus server	scope:	eq	version:	standard-r	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service architect	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	none	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	- messaging	Trust: 0.8
vendor:	oracle	model:	java runtime	scope:	-	version:	-	Trust: 0.7
vendor:	sun	model:	jdk 1.5.0.0 11	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jre 1.5.0.0 09	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk 11-b03	scope:	eq	version:	1.5	Trust: 0.6
vendor:	sun	model:	jdk 1.5.0 12	scope:	-	version:	-	Trust: 0.6
vendor:	oracle	model:	jdk 1.7.0 17	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk .0 04	scope:	eq	version:	1.5	Trust: 0.6
vendor:	sun	model:	jdk 01-b06	scope:	eq	version:	1.6	Trust: 0.6
vendor:	oracle	model:	jdk 1.5.0 41	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk .0 03	scope:	eq	version:	1.5	Trust: 0.6
vendor:	sun	model:	jdk 1.5.0.0 08	scope:	-	version:	-	Trust: 0.6
vendor:	oracle	model:	jre 1.7.0 12	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk 1.5.0.0 09	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jre 1.5.0.0 07	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jre 1.6.0 2	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk 1.6.0 01	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk 07-b03	scope:	eq	version:	1.5	Trust: 0.6
vendor:	sun	model:	jdk 06	scope:	eq	version:	1.5	Trust: 0.6
vendor:	sun	model:	jre 1.5.0.0 08	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jre 1.6.0 20	scope:	-	version:	-	Trust: 0.6
vendor:	sun	model:	jdk 1.5.0.0 12	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	5.0	Trust: 0.3
vendor:	ubuntu	model:	linux	scope:	eq	version:	11.10	Trust: 0.3
vendor:	avaya	model:	one-x client enablement service sp2	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	network satellite (for rhel	scope:	eq	version:	6)5.5	Trust: 0.3
vendor:	schneider electric	model:	trio tview software	scope:	eq	version:	3.27.0	Trust: 0.3
vendor:	avaya	model:	cms r15	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	intelligent operations center	scope:	eq	version:	1.5.0.2	Trust: 0.3
vendor:	avaya	model:	one-x client enablement service sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5.3	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for software	scope:	eq	version:	5.1.1.3	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	sun	model:	jdk 01	scope:	eq	version:	1.6	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management essentials	scope:	eq	version:	7.1	Trust: 0.3
vendor:	avaya	model:	cms r16.3	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	eq	version:	7.2.11	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration virtual applianc	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	java se	scope:	eq	version:	6	Trust: 0.3
vendor:	schneider electric	model:	trio tview software	scope:	ne	version:	3.29.0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	hitachi	model:	ucosminexus application server enterprise	scope:	eq	version:	02-00	Trust: 0.3
vendor:	ibm	model:	virtualization engine ts7700	scope:	ne	version:	8.31.0.89	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.1	Trust: 0.3
vendor:	hitachi	model:	ucosminexus application server standard	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	one-x client enablement services	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	hitachi	model:	cosminexus server web edition	scope:	eq	version:	4	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	hitachi	model:	ucosminexus application server express	scope:	eq	version:	09-70	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration studio	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	lotus notes fix pack	scope:	ne	version:	8.5.35	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.1.0.1	Trust: 0.3
vendor:	ibm	model:	lotus domino fix pack	scope:	ne	version:	8.5.35	Trust: 0.3
vendor:	avaya	model:	aura system platform sp2	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2.6	Trust: 0.3
vendor:	redhat	model:	network satellite (for rhel	scope:	eq	version:	5)5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	5.2	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	12.10	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.1.0	Trust: 0.3
vendor:	ibm	model:	intelligent operations center	scope:	eq	version:	1.5.0.1	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1	Trust: 0.3
vendor:	ibm	model:	tivoli endpoint manager for remote control	scope:	eq	version:	8.2.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.3	Trust: 0.3
vendor:	hitachi	model:	ucosminexus operator	scope:	eq	version:	0	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.1.5	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	12.10	Trust: 0.3
vendor:	avaya	model:	aura application server sip core	scope:	eq	version:	53002.0	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.0.3	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	tivoli monitoring	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	avaya	model:	one-x client enablement service	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration physical applian	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0.2.1	Trust: 0.3
vendor:	avaya	model:	one-x client enablement service sp3	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.2.0	Trust: 0.3
vendor:	hitachi	model:	cosminexus developer light	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	ibm	model:	tivoli system automation for multiplatforms	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	ibm	model:	tivoli system automation for integrated operations management	scope:	eq	version:	2.1	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	7.5	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	8.0	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ibm	model:	websphere operational decision management	scope:	eq	version:	7.5.0.0	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	6.2	Trust: 0.3
vendor:	ibm	model:	rational host on-demand	scope:	eq	version:	11.0.7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	java sdk	scope:	eq	version:	7	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	ne	version:	7.2.1.5	Trust: 0.3
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	010	Trust: 0.3
vendor:	redhat	model:	enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5.0.1	Trust: 0.3
vendor:	ibm	model:	rational host on-demand	scope:	ne	version:	11.0.8	Trust: 0.3
vendor:	hitachi	model:	ucosminexus service architect	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	voice portal sp1	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1	Trust: 0.3
vendor:	sun	model:	jdk 1.5.0 11	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration live saas offeri	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2.2	Trust: 0.3
vendor:	hitachi	model:	ucosminexus developer light	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	smart analytics system	scope:	eq	version:	56009.7	Trust: 0.3
vendor:	hitachi	model:	cosminexus server standard edition	scope:	eq	version:	4	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0.2.4	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	sun	model:	jdk 1.5.0.0 04	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management essentials	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0.2.3	Trust: 0.3
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services sp	scope:	eq	version:	6.16.1.0.9.8	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	avaya	model:	aura presence services	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5.2	Trust: 0.3
vendor:	sun	model:	jdk 1.5.0.0 06	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	aura presence services	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	ibm	model:	tivoli monitoring	scope:	eq	version:	6.3	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.2.4.0.15	Trust: 0.3
vendor:	avaya	model:	one-x client enablement service sp2	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	websphere ilog jrules	scope:	eq	version:	7.1	Trust: 0.3
vendor:	hitachi	model:	ucosminexus application server light	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	hitachi	model:	cosminexus application server standard	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	tivoli monitoring	scope:	eq	version:	6.2	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.2.0.1	Trust: 0.3
vendor:	avaya	model:	cms r17	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	eq	version:	7.2.1.4	Trust: 0.3
vendor:	wordpress	model:	uploader	scope:	eq	version:	1.0	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration virtual applianc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hitachi	model:	cosminexus developer professional	scope:	eq	version:	6	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	12.2	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	sun	model:	jre 1.5.0 09	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	one-x client enablement services	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	suse	model:	linux enterprise server for vmware sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.1.0.2	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.4	Trust: 0.3
vendor:	avaya	model:	one-x client enablement services	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	12.04	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	tivoli remote control	scope:	eq	version:	5.1.2	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration virtual applianc	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration physical applian	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	sun	model:	jre beta	scope:	eq	version:	1.5.0	Trust: 0.3
vendor:	suse	model:	linux enterprise server for vmware sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.2.5.0.15	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5.1.1	Trust: 0.3
vendor:	ibm	model:	tivoli system automation application manager	scope:	eq	version:	3.2	Trust: 0.3
vendor:	sun	model:	jdk	scope:	eq	version:	1.5	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager sp2	scope:	eq	version:	6.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux server eus 6.4.z	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	cosminexus developer standard	scope:	eq	version:	6	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server x86 64	scope:	eq	version:	5	Trust: 0.3
vendor:	sun	model:	jdk 07	scope:	eq	version:	1.5	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.3	Trust: 0.3
vendor:	avaya	model:	aura session manager sp2	scope:	eq	version:	5.2	Trust: 0.3
vendor:	ibm	model:	java sdk	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	ip office server edition	scope:	eq	version:	8.1	Trust: 0.3
vendor:	hitachi	model:	cosminexus application server enterprise	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.2	Trust: 0.3
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	one-x client enablement services	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	hitachi	model:	ucosminexus developer professional for plug-in	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	1.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node optional	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	ibm	model:	intelligent operations center	scope:	eq	version:	1.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.8.3	Trust: 0.3
vendor:	ibm	model:	tivoli endpoint manager for remote control	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ibm	model:	tivoli monitoring	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.2.3	Trust: 0.3
vendor:	ibm	model:	tivoli system automation for integrated operations management	scope:	ne	version:	2.1.1.4	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.3	Trust: 0.3
vendor:	mandrakesoft	model:	enterprise server	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.3.9.3	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2.3	Trust: 0.3
vendor:	sun	model:	jdk 1.5.0 11-b03	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.2	Trust: 0.3
vendor:	ibm	model:	virtualization engine ts7700	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	tivoli system automation for multiplatforms	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.5	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2.5	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1x8664	Trust: 0.3
vendor:	ibm	model:	websphere message broker	scope:	eq	version:	7.0.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.4	Trust: 0.3
vendor:	ibm	model:	tivoli system automation application manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	communication server 1000m	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation optional	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration live saas offeri	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	communication server 1000m signaling server	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	avaya	model:	communication server 1000e	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	operational decision manager	scope:	eq	version:	8.5	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	ibm	model:	tivoli monitoring	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.2.2	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.2.1	Trust: 0.3
vendor:	hitachi	model:	cosminexus studio	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	ibm	model:	websphere message broker	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	7.1	Trust: 0.3
vendor:	avaya	model:	aura experience portal	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	ibm	model:	maximo asset management essentials	scope:	eq	version:	7.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	ibm	model:	websphere message broker	scope:	eq	version:	8.0	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	1.1	Trust: 0.3
vendor:	hp	model:	java jre/jdk for hp-ux	scope:	eq	version:	1.6.0.18	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	7.2	Trust: 0.3
vendor:	hitachi	model:	ucosminexus developer professional	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	aura presence services	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura experience portal sp2	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hitachi	model:	ucosminexus developer standard	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	hitachi	model:	cosminexus	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	avaya	model:	aura presence services sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	tivoli system automation application manager	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.8.3	Trust: 0.3
vendor:	avaya	model:	aura system manager sp1	scope:	eq	version:	6.1	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2.1	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.2	Trust: 0.3
vendor:	hitachi	model:	cosminexus client	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	communication server 1000m signaling server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	avaya	model:	aura experience portal	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5.4	Trust: 0.3
vendor:	avaya	model:	communication server 1000e	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sun	model:	jre 07	scope:	eq	version:	1.5	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.2.2	Trust: 0.3
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	eq	version:	7.2.13	Trust: 0.3
vendor:	sun	model:	jdk 0 09	scope:	eq	version:	1.5	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1.5	Trust: 0.3
vendor:	sun	model:	jre 1.5.0 08	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.1.4	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration studio	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.7	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0.2.2	Trust: 0.3
vendor:	hitachi	model:	ucosminexus application server smart edition	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	aura session manager sp2	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura conferencing	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.7	Trust: 0.3
vendor:	ibm	model:	tivoli system automation for multiplatforms	scope:	eq	version:	3.2	Trust: 0.3
vendor:	avaya	model:	aura presence services	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	proactive contact	scope:	eq	version:	5.0	Trust: 0.3
vendor:	avaya	model:	ip office application server	scope:	eq	version:	8.1	Trust: 0.3
vendor:	avaya	model:	messaging application server	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	suse	model:	linux enterprise java sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server optional	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.1.2	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration physical applian	scope:	eq	version:	6.1	Trust: 0.3
vendor:	ibm	model:	websphere cast iron cloud integration studio	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.1.3	Trust: 0.3
vendor:	avaya	model:	aura conferencing sp1 standard	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	10.04	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.1.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5.0.1	Trust: 0.3
vendor:	avaya	model:	one-x client enablement service sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	aura session manager sp1	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.8	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.3	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.5	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.2.1.0.9	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager for software	scope:	eq	version:	5.1	Trust: 0.3
vendor:	ibm	model:	java se	scope:	eq	version:	7	Trust: 0.3
vendor:	avaya	model:	aura application server sip core	scope:	eq	version:	53003.0	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	8.0.2.4	Trust: 0.3
vendor:	sun	model:	jdk 1.5.0 07-b03	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	lotus notes	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	avaya	model:	aura experience portal	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	ibm	model:	lotus domino	scope:	eq	version:	8.5.1	Trust: 0.3
vendor:	avaya	model:	aura experience portal sp1	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.5	Trust: 0.3
vendor:	avaya	model:	one-x client enablement services	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	ibm	model:	operational decision manager	scope:	eq	version:	8.0	Trust: 0.3
vendor:	avaya	model:	communication server 1000e signaling server	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	avaya	model:	cms r16	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	aura messaging	scope:	eq	version:	6.1	Trust: 0.3
vendor:	avaya	model:	aura system manager sp3	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	aura system platform sp3	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	eq	version:	7.2	Trust: 0.3
vendor:	hitachi	model:	ucosminexus service platform	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2.5	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.1	Trust: 0.3
vendor:	sun	model:	jdk 1.6.0 01-b06	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.2	Trust: 0.3
vendor:	avaya	model:	aura conferencing	scope:	eq	version:	7.0	Trust: 0.3
vendor:	hitachi	model:	ucosminexus client	scope:	eq	version:	0	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.2	Trust: 0.3
vendor:	avaya	model:	aura system platform sp1	scope:	eq	version:	6.2	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	tivoli system automation application manager	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	5.2.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop optional	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	proactive contact	scope:	eq	version:	5.1	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager	scope:	eq	version:	5.1.1.1	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.3.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	hitachi	model:	ucosminexus application server standard-r	scope:	eq	version:	0	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	maximo asset management	scope:	eq	version:	6.2	Trust: 0.3
vendor:	sun	model:	jdk 1.5.0.0 03	scope:	-	version:	-	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	5.2.4	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	5.2	Trust: 0.3
vendor:	avaya	model:	aura system platform	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	avaya	model:	communication server 1000e signaling server	scope:	eq	version:	7.5	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.1.0.9.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	5.1.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7	Trust: 0.3
vendor:	suse	model:	linux enterprise java sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.5	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.3	Trust: 0.3
vendor:	ibm	model:	tivoli composite application manager for transactions	scope:	eq	version:	7.2.0.2	Trust: 0.3
vendor:	ibm	model:	rational host on-demand	scope:	eq	version:	11.0	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager	scope:	eq	version:	7.1	Trust: 0.3
vendor:	sun	model:	jdk 0 03	scope:	eq	version:	1.5	Trust: 0.3
vendor:	suse	model:	linux enterprise software development kit sp2	scope:	eq	version:	11	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	avaya	model:	communication server 1000m	scope:	eq	version:	7.5	Trust: 0.3
vendor:	avaya	model:	communication server 1000e signaling server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	avaya	model:	aura communication manager utility services	scope:	eq	version:	6.2	Trust: 0.3
vendor:	ibm	model:	tivoli application dependency discovery manager	scope:	eq	version:	7.2.12	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp4	scope:	eq	version:	10	Trust: 0.3
vendor:	avaya	model:	aura conferencing standard	scope:	eq	version:	6.0	Trust: 0.3
vendor:	hp	model:	java jre/jdk for hp-ux	scope:	ne	version:	1.6.0.19.00	Trust: 0.3
vendor:	ibm	model:	tivoli provisioning manager	scope:	eq	version:	7.2	Trust: 0.3
vendor:	avaya	model:	communication server 1000m signaling server	scope:	eq	version:	7.5	Trust: 0.3
vendor:	avaya	model:	communication server 1000e	scope:	eq	version:	7.5	Trust: 0.3
vendor:	ibm	model:	tivoli system automation for multiplatforms	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	avaya	model:	communication server 1000m	scope:	eq	version:	7.0	Trust: 0.3

sources: ZDI: ZDI-13-073 // BID: 59167 // JVNDB: JVNDB-2013-002394 // NVD: CVE-2013-2420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2420
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-2420
value:	HIGH
Trust: 0.8
ZDI:	CVE-2013-2420
value:	HIGH
Trust: 0.7
VULMON:	CVE-2013-2420
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-2420
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6

sources: ZDI: ZDI-13-073 // VULMON: CVE-2013-2420 // JVNDB: JVNDB-2013-002394 // NVD: CVE-2013-2420

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-2420

THREAT TYPE

network

Trust: 0.3

sources: BID: 59167

TYPE

Unknown

Trust: 0.3

sources: BID: 59167

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002394

PATCH

title:	Oracle Java SE Critical Patch Update Advisory - April 2013	url:	http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html	Trust: 1.5
title:	APPLE-SA-2013-04-16-2	url:	http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html	Trust: 0.8
title:	HT5734	url:	http://support.apple.com/kb/HT5734	Trust: 0.8
title:	HT5734	url:	http://support.apple.com/kb/HT5734?viewlocale=ja_JP	Trust: 0.8
title:	HS13-010	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-010/index.html	Trust: 0.8
title:	HPSBUX02889 SSRT101252	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03809278	Trust: 0.8
title:	HPSBUX02922 SSRT101305	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880	Trust: 0.8
title:	SUSE-SU-2013:0814	url:	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html	Trust: 0.8
title:	SUSE-SU-2013:0835	url:	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html	Trust: 0.8
title:	SUSE-SU-2013:0934	url:	http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html	Trust: 0.8
title:	SUSE-SU-2013:0871	url:	http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html	Trust: 0.8
title:	openSUSE-SU-2013:0777	url:	http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html	Trust: 0.8
title:	openSUSE-SU-2013:0964	url:	http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html	Trust: 0.8
title:	jdk7u/jdk7u-dev/jdk / changeset	url:	http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8	Trust: 0.8
title:	Text Form of Oracle Java SE Critical Patch Update - April 2013 Risk Matrices	url:	http://www.oracle.com/technetwork/topics/security/javacpuapr2013verbose-1928687.html	Trust: 0.8
title:	Bug 952638	url:	https://bugzilla.redhat.com/show_bug.cgi?id=952638	Trust: 0.8
title:	RHSA-2013:0757	url:	http://rhn.redhat.com/errata/RHSA-2013-0757.html	Trust: 0.8
title:	RHSA-2013:0758	url:	http://rhn.redhat.com/errata/RHSA-2013-0758.html	Trust: 0.8
title:	RHSA-2013:1455	url:	http://rhn.redhat.com/errata/RHSA-2013-1455.html	Trust: 0.8
title:	RHSA-2013:1456	url:	http://rhn.redhat.com/errata/RHSA-2013-1456.html	Trust: 0.8
title:	RHSA-2013:0752	url:	http://rhn.redhat.com/errata/RHSA-2013-0752.html	Trust: 0.8
title:	April 2013 Critical Patch Update for Java SE Released	url:	https://blogs.oracle.com/security/entry/april_2013_critical_patch_update1	Trust: 0.8
title:	TLSA-2013-2	url:	http://www.turbolinux.co.jp/security/2013/TLSA-2013-2j.html	Trust: 0.8
title:	USN-1806-1	url:	http://www.ubuntu.com/usn/USN-1806-1	Trust: 0.8
title:	HS13-010	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-010/index.html	Trust: 0.8
title:	Oracle Corporation Javaプラグインの脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/oracle/20130417.html	Trust: 0.8
title:	Red Hat: CVE-2013-2420	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2013-2420	Trust: 0.1
title:	Red Hat: Important: java-1.6.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130770 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130751 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-ibm security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130823 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.6.0-sun security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130758 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: java-1.7.0-openjdk security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130752 - Security Advisory	Trust: 0.1
title:	Red Hat: Critical: java-1.7.0-oracle security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20130757 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-6 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1819-1	Trust: 0.1
title:	Ubuntu Security Notice: openjdk-7 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1806-1	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2013-185	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2013-185	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2013-183	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2013-183	Trust: 0.1
title:	Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20131456 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20131455 - Security Advisory	Trust: 0.1

sources: ZDI: ZDI-13-073 // VULMON: CVE-2013-2420 // JVNDB: JVNDB-2013-002394

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2420	Trust: 3.7
db:	USCERT	id:	TA13-107A	Trust: 1.9
db:	BID	id:	59167	Trust: 1.4
db:	ZDI	id:	ZDI-13-073	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002394	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1716	Trust: 0.7
db:	HITACHI	id:	HS13-010	Trust: 0.3
db:	ICS CERT	id:	ICSA-17-213-02	Trust: 0.3
db:	VULMON	id:	CVE-2013-2420	Trust: 0.1
db:	PACKETSTORM	id:	121320	Trust: 0.1
db:	PACKETSTORM	id:	121631	Trust: 0.1
db:	PACKETSTORM	id:	121703	Trust: 0.1
db:	PACKETSTORM	id:	121538	Trust: 0.1
db:	PACKETSTORM	id:	121327	Trust: 0.1
db:	PACKETSTORM	id:	121555	Trust: 0.1
db:	PACKETSTORM	id:	121351	Trust: 0.1
db:	PACKETSTORM	id:	121361	Trust: 0.1

sources: ZDI: ZDI-13-073 // VULMON: CVE-2013-2420 // BID: 59167 // JVNDB: JVNDB-2013-002394 // PACKETSTORM: 121320 // PACKETSTORM: 121631 // PACKETSTORM: 121703 // PACKETSTORM: 121538 // PACKETSTORM: 121327 // PACKETSTORM: 121555 // PACKETSTORM: 121351 // PACKETSTORM: 121361 // NVD: CVE-2013-2420

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html	Trust: 2.4
url:	http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/	Trust: 2.0
url:	https://wiki.mageia.org/en/support/advisories/mgasa-2013-0130	Trust: 2.0
url:	https://wiki.mageia.org/en/support/advisories/mgasa-2013-0124	Trust: 2.0
url:	http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/	Trust: 1.9
url:	http://www.us-cert.gov/ncas/alerts/ta13-107a	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2013-0757.html	Trust: 1.2
url:	http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-april/022796.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2013-0752.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2013-0758.html	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-1806-1	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html	Trust: 1.1
url:	http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html	Trust: 1.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=952638	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=137283787217316&w=2	Trust: 1.1
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03898880	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2013-1455.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2013-1456.html	Trust: 1.1
url:	http://lists.apple.com/archives/security-announce/2013/apr/msg00001.html	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2013:145	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2013:161	Trust: 1.1
url:	http://security.gentoo.org/glsa/glsa-201406-32.xml	Trust: 1.1
url:	http://www.securityfocus.com/bid/59167	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19704	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19354	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16597	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2420	Trust: 1.0
url:	http://www.ipa.go.jp/security/ciadr/vul/20130417-jre.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2013/at130021.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta13-107a/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2420	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1569	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2420	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2383	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1557	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2384	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2419	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1537	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2417	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2424	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0401	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2422	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2430	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2429	Trust: 0.7
url:	https://downloads.avaya.com/css/p8/documents/100172168	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1518	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1558	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2421	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1488	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2415	Trust: 0.5
url:	https://www.redhat.com/security/data/cve/cve-2013-1569.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2417.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2419.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-0401.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2430.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-1537.html	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2431	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2383.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-1557.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2424.html	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2384.html	Trust: 0.4
url:	https://access.redhat.com/knowledge/articles/11258	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2429.html	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2426	Trust: 0.4
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.4
url:	http://bugzilla.redhat.com/):	Trust: 0.4
url:	https://www.redhat.com/security/data/cve/cve-2013-2420.html	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1491	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2394	Trust: 0.4
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001531	Trust: 0.3
url:	http://www.ibm.com/developerworks/java/jdk/alerts/#oracle_april_16_2013_cpu	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100172719	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21649510	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24034690	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24034225	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-213-02	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2013/apr/msg00001.html	Trust: 0.3
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03809278	Trust: 0.3
url:	http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jz8iz8..t.d3wy.82bm.bw89mq%5f%5fcviafmb0	Trust: 0.3
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-010/index.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640206	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21637512	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640420	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100172158	Trust: 0.3
url:	http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00001.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21633170	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21640763	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21645096	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21645100	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21643544	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21649300	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21644918	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21647384	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21643697	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21642358	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004513	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21649318	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21643618	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21643513	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21645425	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-13-073/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2436	Trust: 0.3
url:	https://www.redhat.com/security/data/cve/cve-2013-2422.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2423	Trust: 0.3
url:	https://www.redhat.com/security/data/cve/cve-2013-2394.html	Trust: 0.3
url:	https://www.redhat.com/security/data/cve/cve-2013-2432.html	Trust: 0.3
url:	https://www.redhat.com/security/data/cve/cve-2013-1491.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1540	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1563	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2432	Trust: 0.3
url:	https://www.redhat.com/security/data/cve/cve-2013-2426.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2436.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2415.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-1518.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-1558.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2421.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-1488.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2431.html	Trust: 0.2
url:	https://rhn.redhat.com/errata/rhsa-2013-0751.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2423.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-1540.html	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2440	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2435.html	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2435	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0169	Trust: 0.2
url:	https://www.ibm.com/developerworks/java/jdk/alerts/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2418	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2418.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-1563.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-0169.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2433.html	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2013-2440.html	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2431	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2426	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2421	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1569	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1488	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1518	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2419	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2384	Trust: 0.2
url:	http://www.mandriva.com/en/support/security/	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2417	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0401	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2429	Trust: 0.2
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1557	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2383	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1537	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2415	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2424	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2430	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2422	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29297	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2013-2420	Trust: 0.1
url:	https://usn.ubuntu.com/1819-1/	Trust: 0.1
url:	http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/news	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2013-0823.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2433	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2013-0855.html	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2423	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2436	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1558	Trust: 0.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2437	Trust: 0.1
url:	http://www.o	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.10.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.11.10.1	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-1819-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openjdk-6/6b27-1.12.5-0ubuntu0.12.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1564	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2416	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-0402.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2427.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2439.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2434.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1561	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2414.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2416.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2425	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-1561.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0402	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2428.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2414	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-1564.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2425.html	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2013-2438.html	Trust: 0.1
url:	https://bugzilla.redhat.com/show_bug.cgi?id=952387	Trust: 0.1

CREDITS

Vitaliy Toropov

Trust: 1.0

sources: ZDI: ZDI-13-073 // BID: 59167

SOURCES

db:	ZDI	id:	ZDI-13-073
db:	VULMON	id:	CVE-2013-2420
db:	BID	id:	59167
db:	JVNDB	id:	JVNDB-2013-002394
db:	PACKETSTORM	id:	121320
db:	PACKETSTORM	id:	121631
db:	PACKETSTORM	id:	121703
db:	PACKETSTORM	id:	121538
db:	PACKETSTORM	id:	121327
db:	PACKETSTORM	id:	121555
db:	PACKETSTORM	id:	121351
db:	PACKETSTORM	id:	121361
db:	NVD	id:	CVE-2013-2420

LAST UPDATE DATE

2025-04-27T20:07:42.148000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-13-073	date:	2013-05-10T00:00:00
db:	VULMON	id:	CVE-2013-2420	date:	2017-09-19T00:00:00
db:	BID	id:	59167	date:	2017-08-11T21:10:00
db:	JVNDB	id:	JVNDB-2013-002394	date:	2015-03-18T00:00:00
db:	NVD	id:	CVE-2013-2420	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-13-073	date:	2013-05-10T00:00:00
db:	VULMON	id:	CVE-2013-2420	date:	2013-04-17T00:00:00
db:	BID	id:	59167	date:	2013-04-16T00:00:00
db:	JVNDB	id:	JVNDB-2013-002394	date:	2013-04-22T00:00:00
db:	PACKETSTORM	id:	121320	date:	2013-04-17T23:59:43
db:	PACKETSTORM	id:	121631	date:	2013-05-14T20:49:34
db:	PACKETSTORM	id:	121703	date:	2013-05-23T00:42:44
db:	PACKETSTORM	id:	121538	date:	2013-05-06T19:22:00
db:	PACKETSTORM	id:	121327	date:	2013-04-17T17:22:22
db:	PACKETSTORM	id:	121555	date:	2013-05-07T20:22:00
db:	PACKETSTORM	id:	121351	date:	2013-04-19T06:13:57
db:	PACKETSTORM	id:	121361	date:	2013-04-19T19:11:00
db:	NVD	id:	CVE-2013-2420	date:	2013-04-17T18:55:07.017