Lucene search

Veracode Vulnerability DatabaseVERACODE:10973

HistoryJan 15, 2019 - 8:54 a.m.

Insecure Authorization

2019-01-1508:54:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

JSON

openjdk is vulnerable to insecure authorization. The 2D component created shared memory segments with insecure permissions, allowing a local attacker to exploit the vulnerability to read or write to the shared memory segment.

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdkeq1.7.0.9__2.3.8.0.el5_9
java-1.7.0-openjdkeq1.7.0.9__2.3.4.1.el6_3
java-1.7.0-openjdkeq1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdkeq1.7.0.19__2.3.9.1.el6_4
java-1.7.0-openjdkeq1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdkeq1.7.0.3__2.1.el6.7
java-1.7.0-openjdkeq1.7.0.19__2.3.9.1.el5_9

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdk	eq	1.7.0.9__2.3.8.0.el5_9
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.19__2.3.9.1.el6_4
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdk	eq	1.7.0.3__2.1.el6.7
java-1.7.0-openjdk	eq	1.7.0.19__2.3.9.1.el5_9

Rows per page:

1-10 of 1261

References

advisories.mageia.org/MGASA-2013-0185.html

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=975148

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/1111f9acb96b

icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

marc.info/?l=bugtraq&m=137545592101387&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1060.html

rhn.redhat.com/errata/RHSA-2013-1081.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www-01.ibm.com/support/docview.wss?uid=swg21644197

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.securityfocus.com/bid/60627

www.us-cert.gov/ncas/alerts/TA13-169A

access.redhat.com/errata/RHSA-2014:0414

access.redhat.com/security/updates/classification/#critical

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17221

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19663

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19726

rhn.redhat.com/errata/RHBA-2013-0959.html

rhn.redhat.com/errata/RHSA-2013-0957.html

twitter.com/timb_machine/status/347110990124568577

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:10973