CVSS2 score: 10 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Oracle Java SE is vulnerable to arbitrary code execution attacks. Remote unauthenticated attackers could execute arbitrary code via unspecified vectors involving reflection, Libraries, “improper toString calls,” and the JDBC driver manager.
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
security.gentoo.org/glsa/glsa-201406-32.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=920247
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16511
rhn.redhat.com/errata/RHSA-2013-0751.html
twitter.com/thezdi/status/309425888188043264
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130