CVE-2013-0434

2013-02-0100:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.007

Percentile

80.6%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through
Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote
attackers to affect confidentiality via vectors related to JAXP. NOTE: the
previous information is from the February 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to the
public declaration of the loadPropertyFile method in the JAXP
FuncSystemProperty class, which allows remote attackers to obtain sensitive
information.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenjdk-6< 6b27-1.12.3-0ubuntu1~08.04.1UNKNOWN
ubuntu10.04noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.10.04.2UNKNOWN
ubuntu11.10noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.11.10.2UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.12.10.2UNKNOWN
ubuntu11.10noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.11.10.2UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.12.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	openjdk-6	< 6b27-1.12.3-0ubuntu1~08.04.1	UNKNOWN
ubuntu	10.04	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.10.04.2	UNKNOWN
ubuntu	11.10	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.11.10.2	UNKNOWN
ubuntu	12.04	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.12.04.2	UNKNOWN
ubuntu	12.10	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.12.10.2	UNKNOWN
ubuntu	11.10	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.11.10.2	UNKNOWN
ubuntu	12.04	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.12.10.1	UNKNOWN