Lucene search

K

[email protected]CVE-2013-1476

HistoryFeb 02, 2013 - 12:55 a.m.

CVE-2013-1476

2013-02-0200:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

65

cve-2013-1476

java

oracle

openjdk

remote attackers

confidentiality

integrity

availability

corba

sandbox restrictions

vulnerability

nvd

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

93.4%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via “certain value handler constructors.”

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

Rows per page:

1-10 of 871

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210

lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57696

www.us-cert.gov/cas/techalerts/TA13-032A.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16652

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19466

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19475

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19507

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

8.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.059 Low

EPSS

Percentile

93.4%

Related for CVE-2013-1476

cve2 prion3 ubuntucve3 veracode3 suse15 openvas48 nessus52 fedora5 oraclelinux3 centos3 redhat14 amazon1 ibm11 ubuntu1 cert1 securityvulns1 gentoo1