5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.012 Low
EPSS
Percentile
84.9%
Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through
Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity
via unknown vectors related to Networking. NOTE: the previous information
is from the February 2013 CPU. Oracle has not commented on claims from
another vendor that this issue allows remote attackers to avoid triggering
an exception during the deserialization of invalid InetSocketAddress data.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~08.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.10.04.2 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.11.10.2 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.12.10.2 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-7 | < 7u13-2.3.6-0ubuntu0.11.10.2 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u13-2.3.6-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-7 | < 7u13-2.3.6-0ubuntu0.12.10.1 | UNKNOWN |
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021728.html
www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
launchpad.net/bugs/cve/CVE-2013-0433
nvd.nist.gov/vuln/detail/CVE-2013-0433
security-tracker.debian.org/tracker/CVE-2013-0433
ubuntu.com/security/notices/USN-1724-1
www.cve.org/CVERecord?id=CVE-2013-0433