Lucene search

K

PRIOn knowledge basePRION:CVE-2013-0450

HistoryFeb 02, 2013 - 12:55 a.m.

Improper access control

2013-02-0200:55:00

PRIOn knowledge base

www.prio-n.com

1

6 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

91.8%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of “access control context” in the JMX RequiredModelMBean class.

CPENameOperatorVersion
jdkeq1.7.0 update6
jdkeq1.7.0 update5
jdkeq1.7.0 update7
jdkeq1.7.0 update2
jdkeq1.7.0 update11
jdkeq1.7.0
jdkeq1.7.0 update9
jdkeq1.7.0 update3
jdkeq1.7.0 update1
jdkeq1.7.0 update10

Rows per page:

1-10 of 1641

References

icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e0d9f4942af

lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

rhn.redhat.com/errata/RHSA-2013-0236.html

rhn.redhat.com/errata/RHSA-2013-0237.html

rhn.redhat.com/errata/RHSA-2013-0245.html

rhn.redhat.com/errata/RHSA-2013-0246.html

rhn.redhat.com/errata/RHSA-2013-0247.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/858729

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

www.securityfocus.com/bid/57703

www.us-cert.gov/cas/techalerts/TA13-032A.html

bugzilla.redhat.com/show_bug.cgi?id=906911

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

marc.info/?l=bugtraq&m=136733161405818&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16550

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19286

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19363

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19572

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

6 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.04 Low

EPSS

Percentile

91.8%

Related for PRION:CVE-2013-0450

ubuntucve1 veracode1 seebug1 cve1 openvas44 suse9 nessus45 fedora5 redhat10 oraclelinux3 centos3 amazon1 ibm10 ubuntu1 cert1 securityvulns1 gentoo1