Lucene search

K

[email protected]CVE-2013-2448

HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2448

2013-06-1822:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

68

cve-2013-2448

jre

oracle

java se 7

vulnerability

remote attackers

confidentiality

integrity

availability

openjdk

sandbox

access restrictions

nvd

5.5 Medium

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.136 Low

EPSS

Percentile

95.6%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient “access restrictions” and “robustness of sound classes.”

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0
sun:jresun jreeq1.5.0
oracle:jreoracle jreeq1.5.0
sun:jdksun jdkeq1.5.0
oracle:jdkoracle jdkeq1.5.0

References

advisories.mageia.org/MGASA-2013-0185.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/91ce9432f88d

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

marc.info/?l=bugtraq&m=137545505800971&w=2

marc.info/?l=bugtraq&m=137545592101387&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1060.html

rhn.redhat.com/errata/RHSA-2013-1081.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.securityfocus.com/bid/60640

www.us-cert.gov/ncas/alerts/TA13-169A

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=975125

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17052

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19632

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19669

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19692

5.5 Medium

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.136 Low

EPSS

Percentile

95.6%

Related for CVE-2013-2448

prion1 veracode11 zdi1 ubuntucve1 cvelist1 openvas43 nessus48 amazon2 redhat10 oraclelinux3 centos3 mageia2 suse11 debian2 ubuntu3 securityvulns1 ibm14 gentoo2