Amazon Linux Local Check: alas-2013-162

Published: 2015-09-08 11:25:16
CVE Author: NIST National Vulnerability Database

Technical Details:
Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486, CVE-2013-1484)

An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485)

It was discovered that OpenJDK leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle. (CVE-2013-0169)

Recommendations:
Run yum update java-1.7.0-openjdk to update your system.

Solution Type:
Vendor Patch

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Detection Type:
Linux Distribution Package

Summary:
Amazon Linux Local Security Checks

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2013-0169
https://nvd.nist.gov/vuln/detail/CVE-2013-1486
https://nvd.nist.gov/vuln/detail/CVE-2013-1485
https://nvd.nist.gov/vuln/detail/CVE-2013-1484

CVE Analysis

https://www.mageni.net/cve/CVE-2013-0169
https://www.mageni.net/cve/CVE-2013-1486
https://www.mageni.net/cve/CVE-2013-1485
https://www.mageni.net/cve/CVE-2013-1484

References:

https://alas.aws.amazon.com/ALAS-2013-162.html

Severity: High
CVSS Score: 10.0
Published: 2015-09-08
Modified: 2018-10-01
Category: Amazon Linux Local Security Checks
