Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
BID:58031
Info
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
| Bugtraq ID: | 58031 |
| Class: | Unknown |
| CVE: |
CVE-2013-1487 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | Aug 11 2017 08:10PM |
| Credit: | Oracle |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.10 i386 Ubuntu Ubuntu Linux 12.10 amd64 Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Software Development Kit 11 SP2 SuSE SUSE Linux Enterprise Server for VMware 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 LTSS SuSE SUSE Linux Enterprise Server 11 SP1 for VMware LT SuSE SUSE Linux Enterprise Server 10 SP3 LTSS SuSE SUSE Linux Enterprise Java 11 SP2 SuSE Linux Enterprise Software Development Kit 11 SP2 Sun JRE (Windows Production Release) 1.7 Sun JRE (Solaris Production Release) 1.7 Sun JRE (Linux Production Release) 1.7 Schneider-Electric Trio TView Software 3.27.0 Redhat Network Satellite (for RHEL 6) 5.5 Redhat Network Satellite (for RHEL 5) 5.5 Redhat Enterprise Linux Workstation Supplementary 6 Redhat Enterprise Linux Supplementary 5 server Redhat Enterprise Linux Server Supplementary 6 Redhat Enterprise Linux HPC Node Supplementary 6 Redhat Enterprise Linux Desktop Supplementary 6 Redhat Enterprise Linux Desktop Supplementary 5 client Oracle JRE(Windows Production Release) 1.7.0_9 Oracle JRE(Windows Production Release) 1.7.0_8 Oracle JRE(Windows Production Release) 1.7.0_13 Oracle JRE(Windows Production Release) 1.7.0_12 Oracle JRE(Windows Production Release) 1.7.0_11 Oracle JRE(Windows Production Release) 1.7.0_10 Oracle JRE(Windows Production Release) 1.6.0_39 Oracle JRE(Solaris Production Release) 1.7.0_9 Oracle JRE(Solaris Production Release) 1.7.0_8 Oracle JRE(Solaris Production Release) 1.7.0_13 Oracle JRE(Solaris Production Release) 1.7.0_12 Oracle JRE(Solaris Production Release) 1.7.0_11 Oracle JRE(Solaris Production Release) 1.7.0_10 Oracle JRE(Solaris Production Release) 1.6.0_39 Oracle JRE(Linux Production Release) 1.7.0_9 Oracle JRE(Linux Production Release) 1.7.0_8 Oracle JRE(Linux Production Release) 1.7.0_13 Oracle JRE(Linux Production Release) 1.7.0_11 Oracle JRE(Linux Production Release) 1.7.0_10 Oracle JRE (Windows Production Release) 1.7.0_7 Oracle JRE (Windows Production Release) 1.7.0_4 Oracle JRE (Windows Production Release) 1.7.0_2 Oracle JRE (Solaris Production Release) 1.7.0_7 Oracle JRE (Solaris Production Release) 1.7.0_4 Oracle JRE (Solaris Production Release) 1.7.0_2 Oracle JRE (Linux Production Release) 1.7.0_7 Oracle JRE (Linux Production Release) 1.7.0_4 Oracle JRE (Linux Production Release) 1.7.0_2 Oracle JRE (Linux Production Release) 1.7.0_12 Oracle JRE (Linux Production Release) 1.6.0_39 Oracle JDK(Windows Production Release) 1.7.0_9 Oracle JDK(Windows Production Release) 1.7.0_8 Oracle JDK(Windows Production Release) 1.7.0_13 Oracle JDK(Windows Production Release) 1.7.0_12 Oracle JDK(Windows Production Release) 1.7.0_11 Oracle JDK(Windows Production Release) 1.7.0_10 Oracle JDK(Solaris Production Release) 1.7.0_9 Oracle JDK(Solaris Production Release) 1.7.0_8 Oracle JDK(Solaris Production Release) 1.7.0_13 Oracle JDK(Solaris Production Release) 1.7.0_12 Oracle JDK(Linux Production Release) 1.7.0_9 Oracle JDK(Linux Production Release) 1.7.0_8 Oracle JDK(Linux Production Release) 1.7.0_13 Oracle JDK(Linux Production Release) 1.7.0_11 Oracle JDK(Linux Production Release) 1.7.0_10 Oracle JDK (Windows Production Release) 1.7 Oracle JDK (Windows Production Release) 1.7.0_7 Oracle JDK (Windows Production Release) 1.7.0_4 Oracle JDK (Windows Production Release) 1.7.0_2 Oracle JDK (Windows Production Release) 1.6.0_39 Oracle JDK (Solaris Production Release) 1.7 Oracle JDK (Solaris Production Release) 1.7.0_7 Oracle JDK (Solaris Production Release) 1.7.0_4 Oracle JDK (Solaris Production Release) 1.7.0_2 Oracle JDK (Solaris Production Release) 1.7.0_11 Oracle JDK (Solaris Production Release) 1.7.0_10 Oracle JDK (Solaris Production Release) 1.6.0_39 Oracle JDK (Linux Production Release) 1.7 Oracle JDK (Linux Production Release) 1.7.0_7 Oracle JDK (Linux Production Release) 1.7.0_4 Oracle JDK (Linux Production Release) 1.7.0_2 Oracle JDK (Linux Production Release) 1.7.0_12 Oracle JDK (Linux Production Release) 1.6.0_39 Mercury Interactive Service Manager Web Tier 9.31 Mercury Interactive Service Manager Web Tier 9.30 Mercury Interactive Service Manager Web Tier 7.11 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 IBM WebSphere Operational Decision Management 8.0.1 IBM WebSphere Operational Decision Management 7.5.0.0 IBM WebSphere MQ 7.1 1 IBM WebSphere MQ 7.5.0.1 IBM WebSphere MQ 7.5 IBM WebSphere MQ 7.1.0.2 IBM WebSphere MQ 7.1 IBM WebSphere Message Broker 8.0.0.2 IBM WebSphere Message Broker 7.0.0.5 IBM WebSphere Message Broker 6.1.0.11 IBM WebSphere ILOG JRules 7.1.1 IBM WebSphere Cast Iron Cloud Integration 6.0 IBM WebSphere Cast Iron Cloud Integration 6.3 Virtual Applianc IBM WebSphere Cast Iron Cloud Integration 6.3 Studio IBM WebSphere Cast Iron Cloud Integration 6.3 Physical Applian IBM WebSphere Cast Iron Cloud Integration 6.3 Live SaaS offeri IBM WebSphere Cast Iron Cloud Integration 6.1 IBM Tivoli System Automation for Integrated Operations Management 2.1 IBM Tivoli System Automation Application Manager 3.2.2 IBM Tivoli System Automation Application Manager 3.2.1 IBM Tivoli System Automation Application Manager 3.2 IBM Tivoli System Automation Application Manager 3.1 IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.2 IBM Tivoli System Automation (TSA) for Multiplatforms 3.2.1 IBM Tivoli System Automation (TSA) for Multiplatforms 3.2 IBM Tivoli System Automation (TSA) for Multiplatforms 3.1 IBM Tivoli Remote Control 5.1.2 IBM Tivoli Netcool/OMNIbus 7.4 IBM Tivoli Netcool/OMNIbus 7.3.1 IBM Tivoli Netcool/OMNIbus 7.3 IBM Tivoli Netcool/OMNIbus 7.2.1 IBM Tivoli Endpoint Manager for Remote Control 9.0 IBM Tivoli Endpoint Manager for Remote Control 8.2.1 IBM Tivoli Business Service Manager 6.1.1 IBM Tivoli Business Service Manager 6.1 IBM Tivoli Business Service Manager 4.2.1 IBM Tivoli Business Service Manager 4.2 IBM Smart Analytics System 5600 9.7 IBM Rational Host On-Demand 11.0 IBM Rational Host On-Demand 11.0.7 IBM Maximo Asset Management Essentials 7.5 IBM Maximo Asset Management Essentials 7.1 IBM Maximo Asset Management 7.5 IBM Maximo Asset Management 7.1 IBM Maximo Asset Management 6.2 IBM Java SE 7 SR3 IBM Java SE 7 SR2 IBM Java SE 7 SR1 IBM Java SE 6.0.1 SR4 IBM Java SE 6.0.1 SR2-FP1 IBM Java SE 6 SR12 IBM Java SE 6 SR11 IBM Java SE 6 SR10 IBM Java SDK 7 SR3 IBM Java SDK 7 SR2 IBM Java SDK 7 SR1 IBM Java SDK 6.0.1 SR4 IBM Java SDK 6.0.1 SR3 IBM Java SDK 6 SR12 IBM Java SDK 6 SR11 IBM Java SDK 6 SR10 HP ServiceCenter Web Tier 6.2.8 HP Service Manager 9.31 HP Service Manager 9.30 HP Service Manager 7.11 HP HP-UX B.11.31 Gentoo Linux Avaya Voice Portal 5.1.3 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP3 Avaya Voice Portal 5.1 SP2 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.1 Avaya Proactive Contact 5.0 Avaya Messaging Application Server 5.2.1 Avaya Message Networking 5.2.1 Avaya Message Networking 5.2.5 Avaya Message Networking 5.2.4 Avaya Message Networking 5.2.3 Avaya Message Networking 5.2.2 Avaya Meeting Exchange 6.2 Avaya Meeting Exchange 5.2 Avaya IR 4.0 Service Pack 6 Avaya IR 4.0 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya IP Office Server Edition 8.1 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya Interactive Response 4.0 SP6 Avaya Interactive Response 4.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Call Management System R16.3eg.b Avaya Call Management System R16.3 Avaya Call Management System R16.2 Avaya Call Management System R16.1 Avaya Call Management System R 16.0 Avaya Call Management System R 16 Avaya Aura System Manager 6.3 Avaya Aura System Manager 6.2 SP3 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.5 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura SIP Enablement Services 5.2.1 Avaya Aura SIP Enablement Services 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.5 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.0.1 Avaya Aura Session Manager 6.3 Avaya Aura Session Manager 6.2.2 Avaya Aura Session Manager 6.2 SP1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2.1 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Presence Services 6.1.2 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 SP1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1.1 Avaya Aura Messaging 6.2 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0.2 Avaya Aura Experience Portal 6.0.1 Avaya Aura Experience Portal 6.0 SP2 Avaya Aura Experience Portal 6.0 SP1 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 7.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard Avaya Aura Communication Manager Utility Services 6.2.5.0.15 Avaya Aura Communication Manager Utility Services 6.2.4.0.15 Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1.0.9.8 Avaya Aura Communication Manager Utility Services 6.1 SP 6.1.0.9.8 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 5.2 Avaya Aura Communication Manager 5.1 Avaya Aura Communication Manager 4.0 Avaya Aura Application Server 5300 SIP Core 3.0 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.2 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.4 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 Apple Mac OS X Server 10.6.8 Apple Mac OS X 10.6.8 |
| Not Vulnerable: |
Schneider-Electric Trio TView Software 3.29.0 IBM Tivoli System Automation for Integrated Operations Management 2.1.1.4 IBM Tivoli Business Service Manager 6.1.1 0 IBM Java SE 7 SR4 IBM Java SE 6.0.1 SR5 IBM Java SE 6 SR13 IBM Java SDK 7 SR4 IBM Java SDK 6.0.1 SR5 IBM Java SDK 6 SR13 HP Service Manager 9.31.2004 p2 |
Discussion
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
Oracle Java SE is prone to a remote vulnerability in the Java Runtime Environment.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component.
This vulnerability affects the following supported versions:
7 Update 13 and prior
6 Update 39 and prior
Oracle Java SE is prone to a remote vulnerability in the Java Runtime Environment.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Deployment' sub-component.
This vulnerability affects the following supported versions:
7 Update 13 and prior
6 Update 39 and prior
Exploit / POC
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
MandrakeSoft Enterprise Server 5
Mandriva Linux Mandrake 2011
Solution:
Updates are available. Please see the references or vendor advisory for more information.
MandrakeSoft Enterprise Server 5
-
Mandriva java-1.6.0-openjdk-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-35.b24.3mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
-
Mandriva java-1.6.0-openjdk-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-demo-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-devel-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-javadoc-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva java-1.6.0-openjdk-src-1.6.0.0-35.b24.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/
References
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
References:
References:
- HPSBMU02874 rev.3 - HP Service Manager and ServiceCenter, Java Runtime Environme (HP)
- IBM Security alerts (IBM)
- Oracle Java Homepage (Oracle)
- 3.2.2-TIV-ITSAMP-FP0006, Tivoli System Automation for Multiplatforms (IBM)
- 3.2.2-TIV-SAAM-FP0002, Tivoli System Automation Application Manager (IBM)
- About the security content of Java for OS X 2013-001 and Mac OS X v10.6 Update 1 (Apple)
- Advisory (ICSA-17-213-02) Schneider Electric Trio TView (CERT)
- GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus (IBM)
- HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE (HP)
- HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, D (HP)
- IBM Tivoli Business Service Manager V6.1.1.0 Intr Fix 1(6.1.1.0-TIV-BSM-IF0001) (IBM)
- IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in (IBM)
- IBM WebSphere Message Broker Security Vulnerability: Multiple security vulnerabi (IBM)
- Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus (IBM)
- Oracle Java Critical Patch Update (February 2013) - Special Update (Avaya)
- Potential security vulnerabilities with JavaTM SDKs (IBM)
- Security Bulletin #2: IBM Tivoli System Automation Application Manager 3.2.2 (IBM)
- Security Bulletin #2: IBM Tivoli System Automation for Multiplatforms 3.2.2 (IBM)
- Security Bulletin: IBM Endpoint Manager for Remote Control is affected by multip (IBM)
- Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: M (IBM)
- Security Bulletin: IBM Smart Analytics System 5600 is affected by vulnerabilitie (IBM)
- Security Bulletin: IBM Tivoli System Automation for Integrated Operations (IBM)
- Security Bulletin: Rational Host On-Demand clients affected by vulnerabilities i (IBM)
- Security Bulletin: Tivoli Business Service Manager clients affected by vulnerabi (IBM)
- Security Bulletin: Tivoli Endpoint Manager for Remote Control is affected by mul (IBM)
- Security Bulletin: Tivoli Remote Control is affected by multiple Java vulnerabil (IBM)
- Tivoli Netcool/OMNIbus 7.2.1 Fix Pack 13, 7.2.1-TIV-NCOMNIbus-FP0014 (IBM)
- Tivoli Netcool/OMNIbus 7.3.0 Fix Pack 12, 7.3.0-TIV-NCOMNIbus-FP0012 (IBM)
- Tivoli Netcool/OMNIbus 7.3.1 Fix Pack 7, 7.3.1-TIV-NCOMNIbus-FP0007 (IBM)
- Tivoli Netcool/OMNIbus 7.4.0 Fix Pack 2, 7.4.0-TIV-NCOMNIbus-FP0002 (IBM)
- Updated Release of the February 2013 Oracle Java SE Critical Patch Update (Oracle)
- WebSphere MQ Security Vulnerability: multiple security vulnerabilities in IBM JR (IBM)