Lucene search

[email protected]CVE-2013-0444

HistoryFeb 02, 2013 - 12:55 a.m.

CVE-2013-0444

2013-02-0200:55:02

[email protected]

web.nvd.nist.gov

cve-2013-0444

java

oracle

openjdk

vulnerability

beans

remote

confidentiality

integrity

availability

security

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “insufficient checks for cached results” by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.

Affected configurations

NVD

Node

oraclejreMatch1.7.0

oraclejreMatch1.7.0update1

oraclejreMatch1.7.0update10

oraclejreMatch1.7.0update11

oraclejreMatch1.7.0update2

oraclejreMatch1.7.0update3

oraclejreMatch1.7.0update4

oraclejreMatch1.7.0update5

oraclejreMatch1.7.0update6

oraclejreMatch1.7.0update7

oraclejreMatch1.7.0update9

Node

oraclejdkMatch1.7.0

oraclejdkMatch1.7.0update1

oraclejdkMatch1.7.0update10

oraclejdkMatch1.7.0update11

oraclejdkMatch1.7.0update2

oraclejdkMatch1.7.0update3

oraclejdkMatch1.7.0update4

oraclejdkMatch1.7.0update5

oraclejdkMatch1.7.0update6

oraclejdkMatch1.7.0update7

oraclejdkMatch1.7.0update9

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0

CPE	Name	Operator	Version
oracle:jre	oracle jre	eq	1.7.0

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0247.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.us-cert.gov/cas/techalerts/TA13-032A.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16614

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19349

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2013-0444

cvelist1 nvd1 ubuntucve1 veracode1 prion1 suse2 openvas16 nessus20 amazon1 redhat3 centos1 oraclelinux1 ubuntu1 ibm8 securityvulns1 cert1 gentoo1