Lucene search

K

[email protected]CVE-2013-0433

HistoryFeb 02, 2013 - 12:55 a.m.

CVE-2013-0433

2013-02-0200:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

83

cve-2013-0433

oracle java

java runtime environment

jre

remote attack

networking

integrity

vulnerability

8.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.9%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

References

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8

lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57719

www.us-cert.gov/cas/techalerts/TA13-032A.html

bugzilla.redhat.com/show_bug.cgi?id=907456

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16537

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19405

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19459

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19468

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

8.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

84.9%

Related for CVE-2013-0433

prion1 veracode1 ubuntucve1 freebsd1 nessus47 openvas46 ibm11 suse12 fedora5 redhat10 oraclelinux3 centos3 amazon1 ubuntu1 cert1 securityvulns1 gentoo1