Key Information Summary Vulnerability Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities Security Bulletin Number: HPSBUX02889 SSRT101252 rev.1 Release Date: 2013-07-01 Update Date: 2013-07-01 Potential Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team Vulnerability Description: - Security vulnerabilities exist in the Java Runtime Environment (JRE) and Java Developer Kit (JDK) when running on HP-UX. - These vulnerabilities may lead to remote unauthorized access, information disclosure, and other exploits. Reference CVE IDs: - CVE-2013-0401 - CVE-2013-1491 - CVE-2013-1518 - etc., totaling 29 CVE IDs. Affected Software Versions: - HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE v6.0.18 and earlier versions. CVSS 2.0 Base Score: Ranges from 4.3 to 10.0. Solution: - HP provides Java version upgrades to address these issues. - Upgrades are available at: http://www.hp.com/java Operating System Versions and Release Versions: - HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.19 or later versions Manual Action Required: - Yes – Upgrade Java v6.0 to Java v6.0.19 or later.