Veracode Vulnerability DatabaseVERACODE:14091Improper Access Control
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
OpenJDK is vulnerable to improper access control. The vulnerability exists in the Java Runtime Environment (JRE) component in Oracle Java SE. Remote attackers could affect confidentiality, integrity and availability via unknown vectors related to 2D.
References
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
bugs.icu-project.org/trac/ticket/10107
bugs.icu-project.org/trac/ticket/10107
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7
icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS
lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
marc.info/?l=bugtraq&m=137283787217316&w=2
marc.info/?l=bugtraq&m=137283787217316&w=2
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
rhn.redhat.com/errata/RHSA-2013-0757.html
rhn.redhat.com/errata/RHSA-2013-0758.html
rhn.redhat.com/errata/RHSA-2013-0758.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1455.html
rhn.redhat.com/errata/RHSA-2013-1456.html
rhn.redhat.com/errata/RHSA-2013-1456.html
security.gentoo.org/glsa/glsa-201406-32.xml
security.gentoo.org/glsa/glsa-201406-32.xml
site.icu-project.org/download/51#TOC-Known-Issues
site.icu-project.org/download/51#TOC-Known-Issues
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.securityfocus.com/bid/59166
www.securityfocus.com/bid/59166
www.ubuntu.com/usn/USN-1806-1
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
www.us-cert.gov/ncas/alerts/TA13-107A
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=952711
bugzilla.redhat.com/show_bug.cgi?id=952711
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16697
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16697
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19327
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19327
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19556
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19556
rhn.redhat.com/errata/RHSA-2013-0751.html
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C