CVE-2013-2430
8 High
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.078 Low
EPSS
Percentile
94.2%
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “JPEGImageReader state corruption” when using native code.
References
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/d868fe7c7618
lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
marc.info/?l=bugtraq&m=137283787217316&w=2
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
rhn.redhat.com/errata/RHSA-2013-0758.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1456.html
security.gentoo.org/glsa/glsa-201406-32.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.securityfocus.com/bid/59243
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
bugzilla.redhat.com/show_bug.cgi?id=952524
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15708
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19536
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19715
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Related
8 High
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.078 Low
EPSS
Percentile
94.2%