CVE-2013-0424

2013-02-0100:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.6%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through
Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers
to affect integrity via vectors related to RMI. NOTE: the previous
information is from the February 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to cross-site
scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does
not properly handle error messages in a (1) command or (2) port number.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenjdk-6< 6b27-1.12.3-0ubuntu1~08.04.1UNKNOWN
ubuntu10.04noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.10.04.2UNKNOWN
ubuntu11.10noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.11.10.2UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.12.10.2UNKNOWN
ubuntu11.10noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.11.10.2UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.12.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	openjdk-6	< 6b27-1.12.3-0ubuntu1~08.04.1	UNKNOWN
ubuntu	10.04	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.10.04.2	UNKNOWN
ubuntu	11.10	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.11.10.2	UNKNOWN
ubuntu	12.04	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.12.04.2	UNKNOWN
ubuntu	12.10	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.12.10.2	UNKNOWN
ubuntu	11.10	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.11.10.2	UNKNOWN
ubuntu	12.04	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.12.10.1	UNKNOWN