Lucene search

K

[email protected]CVE-2013-0434

HistoryFeb 02, 2013 - 12:55 a.m.

CVE-2013-0434

2013-02-0200:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

79

cve-2013-0434

java

jre

oracle

vulnerability

confidentiality

remote attack

jaxp

openjdk

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.5%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

Rows per page:

1-10 of 871

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b

lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57730

www.us-cert.gov/cas/techalerts/TA13-032A.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

7.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.5%

Related for CVE-2013-0434

cvelist1 ubuntucve1 veracode1 prion1 suse15 nessus48 openvas48 ibm11 fedora5 redhat10 oraclelinux3 centos3 amazon1 ubuntu1 cert1 securityvulns1 gentoo1