5.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
80.1%
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
jdk | eq | 1.7.0 update6 | |
jdk | eq | 1.7.0 update5 | |
jdk | eq | 1.7.0 update7 | |
jdk | eq | 1.7.0 update2 | |
jdk | eq | 1.7.0 update11 | |
jdk | eq | 1.7.0 | |
jdk | eq | 1.7.0 update9 | |
jdk | eq | 1.7.0 update3 | |
jdk | eq | 1.7.0 update1 | |
jdk | eq | 1.7.0 update10 |
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453
icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS
icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b
lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html
lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html
rhn.redhat.com/errata/RHSA-2013-0236.html
rhn.redhat.com/errata/RHSA-2013-0237.html
rhn.redhat.com/errata/RHSA-2013-0245.html
rhn.redhat.com/errata/RHSA-2013-0246.html
rhn.redhat.com/errata/RHSA-2013-0247.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1456.html
security.gentoo.org/glsa/glsa-201406-32.xml
www.kb.cert.org/vuls/id/858729
www.mandriva.com/security/advisories?name=MDVSA-2013:095
www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
www.securityfocus.com/bid/57730
www.us-cert.gov/cas/techalerts/TA13-032A.html
marc.info/?l=bugtraq&m=136439120408139&w=2
marc.info/?l=bugtraq&m=136570436423916&w=2
marc.info/?l=bugtraq&m=136733161405818&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056