CVE-2013-2419
8.4 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.057 Low
EPSS
Percentile
93.2%
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “font processing errors” in the International Components for Unicode (ICU) Layout Engine before 51.2.
References
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
bugs.icu-project.org/trac/ticket/10107
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
marc.info/?l=bugtraq&m=137283787217316&w=2
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
rhn.redhat.com/errata/RHSA-2013-0758.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1456.html
security.gentoo.org/glsa/glsa-201406-32.xml
site.icu-project.org/download/51#TOC-Known-Issues
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.securityfocus.com/bid/59131
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
bugzilla.redhat.com/show_bug.cgi?id=952656
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Related
8.4 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.057 Low
EPSS
Percentile
93.2%