Lucene search

K

[email protected]CVE-2013-1480

HistoryFeb 02, 2013 - 12:55 a.m.

CVE-2013-1480

2013-02-0200:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

72

cve-2013-1480

java

jre

vulnerability

confidentiality

integrity

availability

awt

remote attackers

memory corruption

nvd

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.156 Low

EPSS

Percentile

95.9%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “insufficient validation of raster parameters” in awt_parseImage.c, which triggers memory corruption.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

Rows per page:

1-10 of 871

References

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57691

www.us-cert.gov/cas/techalerts/TA13-032A.html

bugzilla.redhat.com/show_bug.cgi?id=906904

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16045

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18845

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19351

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19504

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.156 Low

EPSS

Percentile

95.9%

Related for CVE-2013-1480

veracode1 ubuntucve1 prion1 zdi1 securityvulns2 ibm11 suse13 nessus47 openvas44 fedora5 redhat10 centos3 oraclelinux3 amazon1 ubuntu1 cert1 gentoo1