Lucene search

[email protected]CVE-2013-2422

HistoryApr 17, 2013 - 6:55 p.m.

CVE-2013-2422

2013-04-1718:55:07

[email protected]

web.nvd.nist.gov

cve-2013-2422

java runtime environment

oracle java se

openjdk

remote attackers

confidentiality

integrity

availability

libraries

improper method-invocation restrictions

java sandbox

nvd

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.081 Low

EPSS

Percentile

94.3%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.

Affected configurations

NVD

Node

oraclejreRange≤1.7.0update17

oraclejreMatch1.7.0

oraclejreMatch1.7.0update1

oraclejreMatch1.7.0update10

oraclejreMatch1.7.0update11

oraclejreMatch1.7.0update13

oraclejreMatch1.7.0update15

oraclejreMatch1.7.0update2

oraclejreMatch1.7.0update3

oraclejreMatch1.7.0update4

oraclejreMatch1.7.0update5

oraclejreMatch1.7.0update6

oraclejreMatch1.7.0update7

oraclejreMatch1.7.0update9

Node

oraclejdkRange≤1.7.0update17

oraclejdkMatch1.7.0

oraclejdkMatch1.7.0update1

oraclejdkMatch1.7.0update10

oraclejdkMatch1.7.0update11

oraclejdkMatch1.7.0update13

oraclejdkMatch1.7.0update15

oraclejdkMatch1.7.0update2

oraclejdkMatch1.7.0update3

oraclejdkMatch1.7.0update4

oraclejdkMatch1.7.0update5

oraclejdkMatch1.7.0update6

oraclejdkMatch1.7.0update7

oraclejdkMatch1.7.0update9

Node

oraclejreRange≤1.6.0update43

oraclejreMatch1.6.0update22

oraclejreMatch1.6.0update23

oraclejreMatch1.6.0update24

oraclejreMatch1.6.0update25

oraclejreMatch1.6.0update26

oraclejreMatch1.6.0update27

oraclejreMatch1.6.0update29

oraclejreMatch1.6.0update30

oraclejreMatch1.6.0update31

oraclejreMatch1.6.0update32

oraclejreMatch1.6.0update33

oraclejreMatch1.6.0update34

oraclejreMatch1.6.0update35

oraclejreMatch1.6.0update37

oraclejreMatch1.6.0update38

oraclejreMatch1.6.0update39

oraclejreMatch1.6.0update41

sunjreMatch1.6.0

sunjreMatch1.6.0update_1

sunjreMatch1.6.0update_10

sunjreMatch1.6.0update_11

sunjreMatch1.6.0update_12

sunjreMatch1.6.0update_13

sunjreMatch1.6.0update_14

sunjreMatch1.6.0update_15

sunjreMatch1.6.0update_16

sunjreMatch1.6.0update_17

sunjreMatch1.6.0update_18

sunjreMatch1.6.0update_19

sunjreMatch1.6.0update_2

sunjreMatch1.6.0update_20

sunjreMatch1.6.0update_21

sunjreMatch1.6.0update_3

sunjreMatch1.6.0update_4

sunjreMatch1.6.0update_5

sunjreMatch1.6.0update_6

sunjreMatch1.6.0update_7

sunjreMatch1.6.0update_9

Node

oraclejdkRange≤1.6.0update43

oraclejdkMatch1.6.0update22

oraclejdkMatch1.6.0update23

oraclejdkMatch1.6.0update24

oraclejdkMatch1.6.0update25

oraclejdkMatch1.6.0update26

oraclejdkMatch1.6.0update27

oraclejdkMatch1.6.0update29

oraclejdkMatch1.6.0update30

oraclejdkMatch1.6.0update31

oraclejdkMatch1.6.0update32

oraclejdkMatch1.6.0update33

oraclejdkMatch1.6.0update34

oraclejdkMatch1.6.0update35

oraclejdkMatch1.6.0update37

oraclejdkMatch1.6.0update38

oraclejdkMatch1.6.0update39

oraclejdkMatch1.6.0update41

sunjdkMatch1.6.0

sunjdkMatch1.6.0update_10

sunjdkMatch1.6.0update_11

sunjdkMatch1.6.0update_12

sunjdkMatch1.6.0update_13

sunjdkMatch1.6.0update_14

sunjdkMatch1.6.0update_15

sunjdkMatch1.6.0update_16

sunjdkMatch1.6.0update_17

sunjdkMatch1.6.0update_18

sunjdkMatch1.6.0update_19

sunjdkMatch1.6.0update_20

sunjdkMatch1.6.0update_21

sunjdkMatch1.6.0update_3

sunjdkMatch1.6.0update_4

sunjdkMatch1.6.0update_5

sunjdkMatch1.6.0update_6

sunjdkMatch1.6.0update_7

sunjdkMatch1.6.0update1

sunjdkMatch1.6.0update1_b06

sunjdkMatch1.6.0update2

CPENameOperatorVersion
oracle:jreoracle jrele1.7.0

CPE	Name	Operator	Version
oracle:jre	oracle jre	le	1.7.0

References

blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2899c3dbf5e8

lists.apple.com/archives/security-announce/2013/Apr/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html

lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

marc.info/?l=bugtraq&m=137283787217316&w=2

rhn.redhat.com/errata/RHSA-2013-0752.html

rhn.redhat.com/errata/RHSA-2013-0757.html

rhn.redhat.com/errata/RHSA-2013-0758.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:145

www.mandriva.com/security/advisories?name=MDVSA-2013:161

www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

www.securityfocus.com/bid/59228

www.ubuntu.com/usn/USN-1806-1

www.us-cert.gov/ncas/alerts/TA13-107A

bugzilla.redhat.com/show_bug.cgi?id=952642

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16561

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19087

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

8 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.081 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2013-2422

veracode1 cvelist1 nvd1 prion1 ubuntucve1 openvas36 nessus46 redhat9 oraclelinux3 securityvulns2 ubuntu2 suse6 amazon2 fedora3 centos3 ibm14 gentoo2