Lucene search

K

[email protected]CVE-2013-2446

HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2446

2013-06-1822:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

67

cve-2013-2446

java runtime environment

oracle

remote attack

confidentiality

corba

openjdk

nvd

security vulnerability

5.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.7%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

References

advisories.mageia.org/MGASA-2013-0185.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

hg.openjdk.java.net/jdk7u/jdk7u-dev/corba/rev/161ec4dd450d

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

marc.info/?l=bugtraq&m=137545505800971&w=2

marc.info/?l=bugtraq&m=137545592101387&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1060.html

rhn.redhat.com/errata/RHSA-2013-1081.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.securityfocus.com/bid/60620

www.us-cert.gov/ncas/alerts/TA13-169A

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=975132

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16311

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19062

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19225

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19658

5.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.7%

Related for CVE-2013-2446

veracode11 cvelist1 prion1 ubuntucve1 suse12 nessus49 openvas44 amazon2 redhat10 oraclelinux3 centos3 mageia2 debian2 ubuntu3 securityvulns1 ibm14 gentoo2