Lucene search

K

PRIOn knowledge basePRION:CVE-2013-0440

HistoryFeb 02, 2013 - 12:55 a.m.

Design/Logic Flaw

2013-02-0200:55:00

PRIOn knowledge base

www.prio-n.com

2

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.067 Low

EPSS

Percentile

93.6%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.

CPENameOperatorVersion
jdkeq1.7.0 update6
jdkeq1.7.0 update5
jdkeq1.7.0 update7
jdkeq1.7.0 update2
jdkeq1.7.0 update11
jdkeq1.7.0
jdkeq1.7.0 update9
jdkeq1.7.0 update3
jdkeq1.7.0 update1
jdkeq1.7.0 update10

Rows per page:

1-10 of 2411

References

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65

lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57712

www.us-cert.gov/cas/techalerts/TA13-032A.html

bugzilla.redhat.com/show_bug.cgi?id=859140

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16558

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19229

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19285

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19397

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.067 Low

EPSS

Percentile

93.6%

Related for PRION:CVE-2013-0440

cve1 ibm36 veracode1 ubuntucve1 seebug1 openvas49 amazon2 nessus52 suse15 fedora5 oraclelinux3 centos3 redhat10 ubuntu1 cert1 securityvulns1 gentoo1