Lucene search

K

PRIOn knowledge basePRION:CVE-2013-2426

HistoryApr 17, 2013 - 6:55 p.m.

Design/Logic Flaw

2013-04-1718:55:00

PRIOn knowledge base

www.prio-n.com

6

5.7 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.925 High

EPSS

Percentile

98.9%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox.

CPENameOperatorVersion
jdkeq1.7.0 update6
jdkeq1.7.0 update5
jdkeq1.7.0 update7
jdkeq1.7.0 update2
jdkeq1.7.0 update13
jdkle1.7.0
jdkeq1.7.0 update11
jdkeq1.7.0
jdkeq1.7.0 update9
jdkeq1.7.0 update15

Rows per page:

1-10 of 281

References

blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/98ad2f1e25d1

lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

rhn.redhat.com/errata/RHSA-2013-0752.html

rhn.redhat.com/errata/RHSA-2013-0757.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:145

www.mandriva.com/security/advisories?name=MDVSA-2013:161

www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

www.ubuntu.com/usn/USN-1806-1

www.us-cert.gov/ncas/alerts/TA13-107A

bugzilla.redhat.com/show_bug.cgi?id=952653

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16683

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

5.7 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.925 High

EPSS

Percentile

98.9%

Related for PRION:CVE-2013-2426

zdi1 cve2 ubuntucve2 veracode1 checkpoint_advisories1 prion1 openvas31 suse1 nessus35 ubuntu2 centos3 amazon2 redhat5 oraclelinux3 fedora3 ibm13 securityvulns1 gentoo2