Lucene search

K

[email protected]CVE-2013-1478

HistoryFeb 02, 2013 - 12:55 a.m.

CVE-2013-1478

2013-02-0200:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

102

cve-2013-1478

java

jre

oracle

openjdk

vulnerability

2d

remote attack

confidentiality

integrity

availability

integer overflow

memory corruption

8.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.093 Low

EPSS

Percentile

94.7%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “insufficient validation of raster parameters” that can trigger an integer overflow and memory corruption.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

Rows per page:

1-10 of 871

References

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/d89bd26ac435

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21645566

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57686

www.us-cert.gov/cas/techalerts/TA13-032A.html

bugzilla.redhat.com/show_bug.cgi?id=906894

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15733

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19429

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19454

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19529

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

8.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.093 Low

EPSS

Percentile

94.7%

Related for CVE-2013-1478

prion1 cvelist1 veracode1 ubuntucve1 securityvulns2 ibm13 amazon2 nessus48 openvas45 suse13 fedora5 redhat10 oraclelinux3 centos3 ubuntu1 cert1 gentoo1