ESB-2014.2400 - [OpenVMS] HP OpenVMS: Multiple vulnerabilities

Date: 15 December 2014
References: ASB-2013.0013  ASB-2013.0025  ASB-2013.0057  ASB-2013.0058  ASB-2013.0075  ASB-2013.0113  ASB-2013.0124  ASB-2014.0005  ASB-2014.0015  ASB-2014.0077  ESB-2016.1296


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2400
       HPSBOV03197 rev.1 - HP OpenVMS running Java, Multiple Remote
                              Vulnerabilities
                             15 December 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           HP OpenVMS
Publisher:         Hewlett-Packard
Operating System:  OpenVMS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Delete Arbitrary Files          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0428 CVE-2014-0424 CVE-2014-0423
                   CVE-2014-0422 CVE-2014-0418 CVE-2014-0417
                   CVE-2014-0416 CVE-2014-0415 CVE-2014-0411
                   CVE-2014-0410 CVE-2014-0403 CVE-2014-0387
                   CVE-2014-0376 CVE-2014-0375 CVE-2014-0373
                   CVE-2014-0368 CVE-2013-5910 CVE-2013-5907
                   CVE-2013-5906 CVE-2013-5905 CVE-2013-5902
                   CVE-2013-5899 CVE-2013-5898 CVE-2013-5896
                   CVE-2013-5889 CVE-2013-5888 CVE-2013-5887
                   CVE-2013-5884 CVE-2013-5878 CVE-2013-5852
                   CVE-2013-5850 CVE-2013-5849 CVE-2013-5848
                   CVE-2013-5843 CVE-2013-5842 CVE-2013-5840
                   CVE-2013-5832 CVE-2013-5831 CVE-2013-5830
                   CVE-2013-5829 CVE-2013-5825 CVE-2013-5824
                   CVE-2013-5823 CVE-2013-5820 CVE-2013-5819
                   CVE-2013-5818 CVE-2013-5817 CVE-2013-5814
                   CVE-2013-5812 CVE-2013-5809 CVE-2013-5804
                   CVE-2013-5803 CVE-2013-5802 CVE-2013-5801
                   CVE-2013-5797 CVE-2013-5790 CVE-2013-5789
                   CVE-2013-5787 CVE-2013-5784 CVE-2013-5783
                   CVE-2013-5782 CVE-2013-5780 CVE-2013-5778
                   CVE-2013-5776 CVE-2013-5774 CVE-2013-5772
                   CVE-2013-4002 CVE-2013-3829 CVE-2013-3743
                   CVE-2013-2473 CVE-2013-2472 CVE-2013-2471
                   CVE-2013-2470 CVE-2013-2469 CVE-2013-2468
                   CVE-2013-2467 CVE-2013-2466 CVE-2013-2465
                   CVE-2013-2464 CVE-2013-2463 CVE-2013-2461
                   CVE-2013-2459 CVE-2013-2457 CVE-2013-2456
                   CVE-2013-2455 CVE-2013-2454 CVE-2013-2453
                   CVE-2013-2452 CVE-2013-2451 CVE-2013-2450
                   CVE-2013-2448 CVE-2013-2447 CVE-2013-2446
                   CVE-2013-2445 CVE-2013-2444 CVE-2013-2443
                   CVE-2013-2442 CVE-2013-2440 CVE-2013-2439
                   CVE-2013-2437 CVE-2013-2435 CVE-2013-2433
                   CVE-2013-2432 CVE-2013-2430 CVE-2013-2429
                   CVE-2013-2424 CVE-2013-2420 CVE-2013-2419
                   CVE-2013-2418 CVE-2013-2417 CVE-2013-2412
                   CVE-2013-2407 CVE-2013-2394 CVE-2013-2384
                   CVE-2013-2383 CVE-2013-1571 CVE-2013-1569
                   CVE-2013-1563 CVE-2013-1558 CVE-2013-1557
                   CVE-2013-1540 CVE-2013-1537 CVE-2013-1518
                   CVE-2013-1500 CVE-2013-1491 CVE-2013-1487
                   CVE-2013-1486 CVE-2013-1481 CVE-2013-1480
                   CVE-2013-1479 CVE-2013-1478 CVE-2013-1476
                   CVE-2013-1475 CVE-2013-1473 CVE-2013-0450
                   CVE-2013-0446 CVE-2013-0445 CVE-2013-0443
                   CVE-2013-0442 CVE-2013-0441 CVE-2013-0440
                   CVE-2013-0438 CVE-2013-0435 CVE-2013-0434
                   CVE-2013-0433 CVE-2013-0432 CVE-2013-0430
                   CVE-2013-0429 CVE-2013-0425 CVE-2013-0424
                   CVE-2013-0423 CVE-2013-0419 CVE-2013-0409
                   CVE-2013-0401 CVE-2013-0351 CVE-2013-0169
                   CVE-2012-3342 CVE-2012-3213 CVE-2012-1541

Reference:         ASB-2014.0077
                   ASB-2014.0015
                   ASB-2014.0005
                   ASB-2013.0124
                   ASB-2013.0113
                   ASB-2013.0075
                   ASB-2013.0058
                   ASB-2013.0057
                   ASB-2013.0025
                   ASB-2013.0013

Original Bulletin: 
   http://alerts.hp.com/r?2.1.3KT.2ZR.xdUfW.LQ5Bns..T.hTeO.8lI4.bW89MQ%5f%5fDGFCFRS0

--------------------------BEGIN INCLUDED TEXT--------------------

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04529337

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04529337
Version: 1

HPSBOV03197 rev.1 - HP OpenVMS running Java, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-12-12
Last Updated: 2014-12-12

Potential Security Impact: Multiple Remote vulnerabilities

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP OpenVMS Java.
The vulnerabilities could be exploited remotely to create a Denial of Service
(DoS), disclose information, and other vulnerabilities.

References:
CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0169, CVE-2013-0351,
CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424,
CVE-2013-0425, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432, CVE-2013-0433,
CVE-2013-0434, CVE-2013-0435, CVE-2013-0438, CVE-2013-0440, CVE-2013-0441,
CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0446, CVE-2013-0450,
CVE-2013-1473, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1479,
CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487, CVE-2013-1491,
CVE-2013-1500, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557,
CVE-2013-1558, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,
CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2424, CVE-2013-2429,
CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435, CVE-2013-2437,
CVE-2013-2439, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,
CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450,
CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455,
CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463,
CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2467, CVE-2013-2468,
CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,
CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774,
CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783,
CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797,
CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809,
CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819,
CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829,
CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842,
CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852,
CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889,
CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905,
CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373,
CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410,
CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418,
CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, SSRT101131

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenVMS Java JDK/JRE prior to v6.0-6

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2012-1541    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2012-3213    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2012-3342    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0169    (AV:N/AC:H/Au:N/C:P/I:N/A:N)        2.6
CVE-2013-0351    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2013-0401    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0409    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-0419    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-0423    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-0424    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-0425    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0429    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-0430    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9
CVE-2013-0432    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4
CVE-2013-0433    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-0434    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-0435    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-0438    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3
CVE-2013-0440    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-0441    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0442    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0443    (AV:N/AC:H/Au:N/C:P/I:P/A:N)        4.0
CVE-2013-0445    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0446    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-0450    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1473    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-1475    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1476    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1478    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1479    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1480    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1481    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1486    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1487    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1491    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1500    (AV:L/AC:L/Au:N/C:P/I:P/A:N)        3.6
CVE-2013-1518    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1537    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1540    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2013-1557    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1558    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1563    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-1569    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-1571    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2013-2383    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2384    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2394    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-2407    (AV:N/AC:L/Au:N/C:P/I:N/A:P)        6.4
CVE-2013-2412    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2417    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-2418    (AV:L/AC:L/Au:N/C:P/I:P/A:P)        4.6
CVE-2013-2419    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-2420    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2424    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2429    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-2430    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-2432    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2433    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2013-2435    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2437    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2439    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9
CVE-2013-2440    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2442    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2013-2443    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2444    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-2445    (AV:N/AC:L/Au:N/C:N/I:N/A:C)        7.8
CVE-2013-2446    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2447    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2448    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-2450    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-2451    (AV:L/AC:H/Au:N/C:P/I:P/A:P)        3.7
CVE-2013-2452    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2453    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-2454    (AV:N/AC:M/Au:N/C:P/I:P/A:N)        5.8
CVE-2013-2455    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2456    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-2457    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-2459    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2461    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2013-2463    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2464    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2465    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2466    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2467    (AV:L/AC:M/Au:N/C:C/I:C/A:C)        6.9
CVE-2013-2468    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2469    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2470    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2471    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2472    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-2473    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-3743    (AV:N/AC:M/Au:N/C:C/I:C/A:C)        9.3
CVE-2013-3829    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4
CVE-2013-4002    (AV:N/AC:M/Au:N/C:N/I:N/A:C)        7.1
CVE-2013-5772    (AV:N/AC:H/Au:N/C:N/I:P/A:N)        2.6
CVE-2013-5774    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5776    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5778    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-5780    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3
CVE-2013-5782    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5783    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4
CVE-2013-5784    (AV:N/AC:M/Au:N/C:N/I:P/A:N)        4.3
CVE-2013-5787    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5789    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5790    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3
CVE-2013-5797    (AV:N/AC:M/Au:S/C:N/I:P/A:N)        3.5
CVE-2013-5801    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-5802    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2013-5803    (AV:N/AC:H/Au:N/C:N/I:N/A:P)        2.6
CVE-2013-5804    (AV:N/AC:L/Au:N/C:P/I:P/A:N)        6.4
CVE-2013-5809    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5812    (AV:N/AC:L/Au:N/C:P/I:N/A:P)        6.4
CVE-2013-5814    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5817    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5818    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5819    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5820    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5823    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-5824    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5825    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-5829    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5830    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5831    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5832    (AV:N/AC:M/Au:N/C:C/I:C/A:C)        9.3
CVE-2013-5840    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-5842    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5843    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5848    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2013-5849    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3
CVE-2013-5850    (AV:N/AC:M/Au:N/C:C/I:C/A:C)        9.3
CVE-2013-5852    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2013-5878    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2013-5884    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-5887    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-5888    (AV:L/AC:L/Au:N/C:P/I:P/A:P)        4.6
CVE-2013-5889    (AV:N/AC:M/Au:N/C:C/I:C/A:C)        9.3
CVE-2013-5896    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0
CVE-2013-5898    (AV:N/AC:H/Au:N/C:P/I:P/A:N)        4.0
CVE-2013-5899    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2013-5902    (AV:N/AC:H/Au:N/C:P/I:P/A:P)        5.1
CVE-2013-5905    (AV:N/AC:H/Au:N/C:P/I:P/A:P)        5.1
CVE-2013-5906    (AV:N/AC:H/Au:N/C:P/I:P/A:P)        5.1
CVE-2013-5907    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2013-5910    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2014-0368    (AV:N/AC:L/Au:N/C:P/I:N/A:N)        5.0
CVE-2014-0373    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2014-0375    (AV:N/AC:M/Au:N/C:P/I:P/A:N)        5.8
CVE-2014-0376    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2014-0387    (AV:N/AC:H/Au:N/C:C/I:C/A:C)        7.6
CVE-2014-0403    (AV:N/AC:M/Au:N/C:P/I:P/A:N)        5.8
CVE-2014-0410    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2014-0411    (AV:N/AC:H/Au:N/C:P/I:P/A:N)        4.0
CVE-2014-0415    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2014-0416    (AV:N/AC:L/Au:N/C:N/I:P/A:N)        5.0
CVE-2014-0417    (AV:N/AC:M/Au:N/C:C/I:C/A:C)        9.3
CVE-2014-0418    (AV:N/AC:H/Au:N/C:P/I:P/A:P)        5.1
CVE-2014-0422    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
CVE-2014-0423    (AV:N/AC:L/Au:S/C:P/I:N/A:P)        5.5
CVE-2014-0424    (AV:N/AC:L/Au:N/C:P/I:P/A:P)        7.5
CVE-2014-0428    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has made the following software update available to resolve the
vulnerabilities with HP OpenVMS Integrity Servers running Java.

HP OpenVMS JDK 6.0-6 package including JRE 6.0-6 is available from the
following location:

http://h18012.www1.hp.com/java/download/index.html

HISTORY
Version:1 (rev.1) - 12 December 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact the normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================