Lucene search

K

[email protected]CVE-2013-2443

HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2443

2013-06-1822:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

73

cve-2013-2443

oracle

java

vulnerability

jre

remote attackers

confidentiality

access control

5.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.6%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect “checking order” within the AccessControlContext class.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

References

advisories.mageia.org/MGASA-2013-0185.html

hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70

hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

marc.info/?l=bugtraq&m=137545505800971&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1081.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www-01.ibm.com/support/docview.wss?uid=swg21644197

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.securityfocus.com/bid/60646

www.us-cert.gov/ncas/alerts/TA13-169A

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=975137

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17230

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19299

5.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.6%

Related for CVE-2013-2443

prion3 ubuntucve3 cve2 veracode13 zdi1 openvas44 amazon2 nessus49 redhat10 centos3 oraclelinux3 suse12 debian2 mageia2 ubuntu3 ibm15 securityvulns1 gentoo2