CVE-2013-0440

2013-02-0100:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.067 Low

EPSS

Percentile

93.9%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through
Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers
to affect availability via vectors related to JSSE. NOTE: the previous
information is from the February 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to CPU consumption in
the SSL/TLS implementation via a large number of ClientHello packets that
are not properly handled by (1) ClientHandshaker.java and (2)
ServerHandshaker.java.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchopenjdk-6< 6b27-1.12.3-0ubuntu1~08.04.1UNKNOWN
ubuntu10.04noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.10.04.2UNKNOWN
ubuntu11.10noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.11.10.2UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b27-1.12.1-2ubuntu0.12.10.2UNKNOWN
ubuntu11.10noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.11.10.2UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u13-2.3.6-0ubuntu0.12.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	openjdk-6	< 6b27-1.12.3-0ubuntu1~08.04.1	UNKNOWN
ubuntu	10.04	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.10.04.2	UNKNOWN
ubuntu	11.10	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.11.10.2	UNKNOWN
ubuntu	12.04	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.12.04.2	UNKNOWN
ubuntu	12.10	noarch	openjdk-6	< 6b27-1.12.1-2ubuntu0.12.10.2	UNKNOWN
ubuntu	11.10	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.11.10.2	UNKNOWN
ubuntu	12.04	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.12.04.1	UNKNOWN
ubuntu	12.10	noarch	openjdk-7	< 7u13-2.3.6-0ubuntu0.12.10.1	UNKNOWN