Lucene search

[email protected]CVE-2013-2421

HistoryApr 17, 2013 - 6:55 p.m.

CVE-2013-2421

2013-04-1718:55:07

[email protected]

web.nvd.nist.gov

cve-2013-2421

java

jre

oracle

openjdk

vulnerability

confidentiality

integrity

availability

hotspot

remote attackers

nvd

security

methodhandle

sandbox restrictions

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions.

Affected configurations

NVD

Node

oraclejreRange≤1.7.0update17

oraclejreMatch1.7.0

oraclejreMatch1.7.0update1

oraclejreMatch1.7.0update10

oraclejreMatch1.7.0update11

oraclejreMatch1.7.0update13

oraclejreMatch1.7.0update15

oraclejreMatch1.7.0update2

oraclejreMatch1.7.0update3

oraclejreMatch1.7.0update4

oraclejreMatch1.7.0update5

oraclejreMatch1.7.0update6

oraclejreMatch1.7.0update7

oraclejreMatch1.7.0update9

Node

oraclejdkRange≤1.7.0update17

oraclejdkMatch1.7.0

oraclejdkMatch1.7.0update1

oraclejdkMatch1.7.0update10

oraclejdkMatch1.7.0update11

oraclejdkMatch1.7.0update13

oraclejdkMatch1.7.0update15

oraclejdkMatch1.7.0update2

oraclejdkMatch1.7.0update3

oraclejdkMatch1.7.0update4

oraclejdkMatch1.7.0update5

oraclejdkMatch1.7.0update6

oraclejdkMatch1.7.0update7

oraclejdkMatch1.7.0update9

CPENameOperatorVersion
oracle:jreoracle jrele1.7.0

CPE	Name	Operator	Version
oracle:jre	oracle jre	le	1.7.0

References

blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/663b5c744e82

lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

rhn.redhat.com/errata/RHSA-2013-0752.html

rhn.redhat.com/errata/RHSA-2013-0757.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:145

www.mandriva.com/security/advisories?name=MDVSA-2013:161

www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

www.ubuntu.com/usn/USN-1806-1

www.us-cert.gov/ncas/alerts/TA13-107A

bugzilla.redhat.com/show_bug.cgi?id=952649

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16258

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2013-2421

veracode1 cvelist1 nvd1 prion1 ubuntucve1 openvas31 suse1 nessus34 centos3 ubuntu2 oraclelinux3 amazon2 fedora3 redhat4 ibm13 securityvulns1 gentoo2