10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.048 Low
EPSS
Percentile
92.6%
Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through
Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote
attackers to affect confidentiality, integrity, and availability via
vectors related to CORBA. NOTE: the previous information is from the
February 2013 CPU. Oracle has not commented on claims from another vendor
that this issue is related to “IIOP type reuse management” in
ObjectStreamClass.java.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | openjdk-6 | < 6b27-1.12.3-0ubuntu1~08.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.10.04.2 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.11.10.2 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-6 | < 6b27-1.12.1-2ubuntu0.12.10.2 | UNKNOWN |
ubuntu | 11.10 | noarch | openjdk-7 | < 7u13-2.3.6-0ubuntu0.11.10.2 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u13-2.3.6-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-7 | < 7u13-2.3.6-0ubuntu0.12.10.1 | UNKNOWN |
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021728.html
www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
launchpad.net/bugs/cve/CVE-2013-1475
nvd.nist.gov/vuln/detail/CVE-2013-1475
security-tracker.debian.org/tracker/CVE-2013-1475
ubuntu.com/security/notices/USN-1724-1
www.cve.org/CVERecord?id=CVE-2013-1475