Lucene search

PRIOn knowledge basePRION:CVE-2013-2424

HistoryApr 17, 2013 - 6:55 p.m.

Improper access control

2013-04-1718:55:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.4%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “insufficient class access checks” when “creating new instances” using MBeanInstantiator.

CPENameOperatorVersion
jdkeq1.6.0 update33
jdkeq1.6.0 update25
jdkeq1.6.0 update29
jdkeq1.6.0 update31
jdkeq1.6.0 update27
jdkeq1.6.0 update24
jdkeq1.6.0 update23
jdkeq1.6.0 update22
jdkeq1.6.0 update32
jdkeq1.6.0 update26

Name	Operator	Version
jdk	eq	1.6.0 update33
jdk	eq	1.6.0 update25
jdk	eq	1.6.0 update29
jdk	eq	1.6.0 update31
jdk	eq	1.6.0 update27
jdk	eq	1.6.0 update24
jdk	eq	1.6.0 update23
jdk	eq	1.6.0 update22
jdk	eq	1.6.0 update32
jdk	eq	1.6.0 update26

Rows per page:

1-10 of 1801

References

blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/da1867780fc9

lists.apple.com/archives/security-announce/2013/Apr/msg00001.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html

lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

rhn.redhat.com/errata/RHSA-2013-0752.html

rhn.redhat.com/errata/RHSA-2013-0757.html

rhn.redhat.com/errata/RHSA-2013-0758.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:145

www.mandriva.com/security/advisories?name=MDVSA-2013:161

www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

www.securityfocus.com/bid/59159

www.ubuntu.com/usn/USN-1806-1

www.us-cert.gov/ncas/alerts/TA13-107A

bugzilla.redhat.com/show_bug.cgi?id=952509

marc.info/?l=bugtraq&m=137283787217316&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16314

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19594

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19656

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for PRION:CVE-2013-2424