CVE-2013-0441

2013-02-0200:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2013-0441

oracle

java

jre

vulnerability

remote attackers

confidentiality

integrity

availability

corba

openjdk

sandbox restrictions

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

93.4%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka “missing serialization restriction.”

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

CPE	Name	Operator	Version
oracle:jre	oracle jre	eq	1.7.0
oracle:jdk	oracle jdk	eq	1.7.0
sun:jre	sun jre	eq	1.6.0
oracle:jre	oracle jre	eq	1.6.0
sun:jdk	sun jdk	eq	1.6.0
oracle:jdk	oracle jdk	eq	1.6.0
sun:jre	sun jre	eq	1.5.0
oracle:jre	oracle jre	eq	1.5.0
sun:jdk	sun jdk	eq	1.5.0
oracle:jdk	oracle jdk	eq	1.5.0