OVAL Definition Details
Id
oval:com.altx-soft.nix:def:2992
Version
3
Class
patch
ALTXid
48531
Language
English
Severity
NotAvailable
Title
ELSA-2013:0625: java-1.6.0-ibm security update
Description
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Family
unix
Platform
Oracle Linux 6
Product
java-1.6.0-ibm
Reference
VENDOR: ELSA-2013:0625-02
Id:
ELSA-2013:0625-02
Reference:
http://linux.oracle.com/errata/ELSA-2013-0625.html
CVE: CVE-2012-1541
Id:
CVE-2012-1541
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1541
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
20130201 Multiple Vendor WebKit JRE Plugin Module Use-after-Free Vulnerability (IDEFENSE)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57697 (BID)
oval:org.mitre.oval:def:19499 (OVAL)
oval:org.mitre.oval:def:19070 (OVAL)
oval:org.mitre.oval:def:16384 (OVAL)
CVE: CVE-2012-3213
Id:
CVE-2012-3213
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57717 (BID)
oval:org.mitre.oval:def:19464 (OVAL)
oval:org.mitre.oval:def:19119 (OVAL)
oval:org.mitre.oval:def:16512 (OVAL)
CVE: CVE-2012-3342
Id:
CVE-2012-3342
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57700 (BID)
oval:org.mitre.oval:def:19274 (OVAL)
oval:org.mitre.oval:def:19198 (OVAL)
oval:org.mitre.oval:def:16287 (OVAL)
CVE: CVE-2012-5085
Id:
CVE-2012-5085
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5085
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE.
CVSSv2 Score:
0
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:N
CWE:
CWE-Other ()
References:
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html (CONFIRM)
RHSA-2012:1391 (REDHAT)
RHSA-2012:1385 (REDHAT)
RHSA-2012:1386 (REDHAT)
RHSA-2012:1392 (REDHAT)
openSUSE-SU-2012:1423 (SUSE)
SSRT101042 (HP)
SUSE-SU-2012:1398 (SUSE)
SSRT101043 (HP)
51029 (SECUNIA)
51028 (SECUNIA)
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf (CONFIRM)
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html (CONFIRM)
51141 (SECUNIA)
51166 (SECUNIA)
MDVSA-2013:150 (MANDRIVA)
GLSA-201406-32 (GENTOO)
56067 (BID)
oval:org.mitre.oval:def:16654 (OVAL)
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html (CONFIRM)
CVE: CVE-2013-0351
Id:
CVE-2013-0351
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57720 (BID)
oval:org.mitre.oval:def:19439 (OVAL)
oval:org.mitre.oval:def:19199 (OVAL)
oval:org.mitre.oval:def:16703 (OVAL)
CVE: CVE-2013-0409
Id:
CVE-2013-0409
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57728 (BID)
oval:org.mitre.oval:def:19383 (OVAL)
oval:org.mitre.oval:def:19240 (OVAL)
oval:org.mitre.oval:def:19114 (OVAL)
oval:org.mitre.oval:def:16530 (OVAL)
CVE: CVE-2013-0419
Id:
CVE-2013-0419
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSSv2 Score:
7.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57714 (BID)
oval:org.mitre.oval:def:19501 (OVAL)
oval:org.mitre.oval:def:19097 (OVAL)
oval:org.mitre.oval:def:16247 (OVAL)
CVE: CVE-2013-0423
Id:
CVE-2013-0423
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSSv2 Score:
7.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57716 (BID)
oval:org.mitre.oval:def:19425 (OVAL)
oval:org.mitre.oval:def:18869 (OVAL)
oval:org.mitre.oval:def:16476 (OVAL)
CVE: CVE-2013-0424
Id:
CVE-2013-0424
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906813 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e173569e1e7 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57715 (BID)
oval:org.mitre.oval:def:19522 (OVAL)
oval:org.mitre.oval:def:19423 (OVAL)
oval:org.mitre.oval:def:19131 (OVAL)
oval:org.mitre.oval:def:16519 (OVAL)
CVE: CVE-2013-0425
Id:
CVE-2013-0425
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57709 (BID)
oval:org.mitre.oval:def:19503 (OVAL)
oval:org.mitre.oval:def:19502 (OVAL)
oval:org.mitre.oval:def:19483 (OVAL)
oval:org.mitre.oval:def:16058 (OVAL)
CVE: CVE-2013-0426
Id:
CVE-2013-0426
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57711 (BID)
oval:org.mitre.oval:def:19484 (OVAL)
oval:org.mitre.oval:def:19471 (OVAL)
oval:org.mitre.oval:def:19261 (OVAL)
oval:org.mitre.oval:def:15888 (OVAL)
CVE: CVE-2013-0427
Id:
CVE-2013-0427
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907455 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/87d135824bdf (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57724 (BID)
oval:org.mitre.oval:def:19488 (OVAL)
oval:org.mitre.oval:def:19245 (OVAL)
oval:org.mitre.oval:def:18641 (OVAL)
oval:org.mitre.oval:def:16013 (OVAL)
CVE: CVE-2013-0428
Id:
CVE-2013-0428
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=907207 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c9534e095b37 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57713 (BID)
oval:org.mitre.oval:def:19491 (OVAL)
oval:org.mitre.oval:def:19480 (OVAL)
oval:org.mitre.oval:def:19474 (OVAL)
oval:org.mitre.oval:def:16496 (OVAL)
CVE: CVE-2013-0432
Id:
CVE-2013-0432
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access permission checks."
CVSSv2 Score:
6.4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 (CONFIRM)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/e46d557465da (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57727 (BID)
oval:org.mitre.oval:def:19489 (OVAL)
oval:org.mitre.oval:def:19426 (OVAL)
oval:org.mitre.oval:def:19181 (OVAL)
oval:org.mitre.oval:def:16567 (OVAL)
CVE: CVE-2013-0433
Id:
CVE-2013-0433
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=907456 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57719 (BID)
oval:org.mitre.oval:def:19468 (OVAL)
oval:org.mitre.oval:def:19459 (OVAL)
oval:org.mitre.oval:def:19405 (OVAL)
oval:org.mitre.oval:def:16537 (OVAL)
CVE: CVE-2013-0434
Id:
CVE-2013-0434
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b (CONFIRM)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57730 (BID)
oval:org.mitre.oval:def:19505 (OVAL)
oval:org.mitre.oval:def:19430 (OVAL)
oval:org.mitre.oval:def:19272 (OVAL)
oval:org.mitre.oval:def:16528 (OVAL)
CVE: CVE-2013-0435
Id:
CVE-2013-0435
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291 (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57729 (BID)
oval:org.mitre.oval:def:19520 (OVAL)
oval:org.mitre.oval:def:19078 (OVAL)
oval:org.mitre.oval:def:16489 (OVAL)
CVE: CVE-2013-0438
Id:
CVE-2013-0438
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57708 (BID)
oval:org.mitre.oval:def:19485 (OVAL)
oval:org.mitre.oval:def:19288 (OVAL)
oval:org.mitre.oval:def:16582 (OVAL)
CVE: CVE-2013-0440
Id:
CVE-2013-0440
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
Comment
: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
https://bugzilla.redhat.com/show_bug.cgi?id=859140 (CONFIRM)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57712 (BID)
oval:org.mitre.oval:def:19397 (OVAL)
oval:org.mitre.oval:def:19285 (OVAL)
oval:org.mitre.oval:def:19229 (OVAL)
oval:org.mitre.oval:def:16558 (OVAL)
CVE: CVE-2013-0441
Id:
CVE-2013-0441
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/307ddc7799c7 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57692 (BID)
oval:org.mitre.oval:def:19509 (OVAL)
oval:org.mitre.oval:def:19289 (OVAL)
oval:org.mitre.oval:def:19266 (OVAL)
oval:org.mitre.oval:def:16566 (OVAL)
CVE: CVE-2013-0442
Id:
CVE-2013-0442
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69 (CONFIRM)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906899 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57687 (BID)
oval:org.mitre.oval:def:19434 (OVAL)
oval:org.mitre.oval:def:19126 (OVAL)
oval:org.mitre.oval:def:18597 (OVAL)
oval:org.mitre.oval:def:16035 (OVAL)
CVE: CVE-2013-0443
Id:
CVE-2013-0443
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
CVSSv2 Score:
4
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=907340 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57702 (BID)
oval:org.mitre.oval:def:19437 (OVAL)
oval:org.mitre.oval:def:19382 (OVAL)
oval:org.mitre.oval:def:19010 (OVAL)
oval:org.mitre.oval:def:15832 (OVAL)
CVE: CVE-2013-0445
Id:
CVE-2013-0445
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906900 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69 (CONFIRM)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
57689 (BID)
oval:org.mitre.oval:def:19372 (OVAL)
oval:org.mitre.oval:def:19304 (OVAL)
oval:org.mitre.oval:def:19282 (OVAL)
oval:org.mitre.oval:def:16680 (OVAL)
CVE: CVE-2013-0446
Id:
CVE-2013-0446
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57699 (BID)
oval:org.mitre.oval:def:19102 (OVAL)
oval:org.mitre.oval:def:19048 (OVAL)
oval:org.mitre.oval:def:16353 (OVAL)
CVE: CVE-2013-0450
Id:
CVE-2013-0450
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e0d9f4942af (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=906911 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57703 (BID)
oval:org.mitre.oval:def:19572 (OVAL)
oval:org.mitre.oval:def:19363 (OVAL)
oval:org.mitre.oval:def:19286 (OVAL)
oval:org.mitre.oval:def:16550 (OVAL)
CVE: CVE-2013-0809
Id:
CVE-2013-0809
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
Comment:
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
USN-1755-2 (UBUNTU)
RHSA-2013:0601 (REDHAT)
RHSA-2013:0604 (REDHAT)
RHSA-2013:0603 (REDHAT)
SUSE-SU-2013:0434 (SUSE)
openSUSE-SU-2013:0430 (SUSE)
openSUSE-SU-2013:0438 (SUSE)
TA13-064A (CERT)
HPSBUX02857 (HP)
SSRT101156 (HP)
[distro-pkg-dev] 20130304 [SECURITY] IcedTea6 1.11.9 and 1.12.4 Released! (MLIST)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
SUSE-SU-2013:0701 (SUSE)
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html (CONFIRM)
VU#688246 (CERT-VN)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088 (CONFIRM)
GLSA-201406-32 (GENTOO)
58296 (BID)
oval:org.mitre.oval:def:19479 (OVAL)
oval:org.mitre.oval:def:19320 (OVAL)
oval:org.mitre.oval:def:19076 (OVAL)
http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml ()
CVE: CVE-2013-1473
Id:
CVE-2013-1473
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57731 (BID)
oval:org.mitre.oval:def:19271 (OVAL)
oval:org.mitre.oval:def:19121 (OVAL)
oval:org.mitre.oval:def:16074 (OVAL)
CVE: CVE-2013-1476
Id:
CVE-2013-1476
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210 (CONFIRM)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
openSUSE-SU-2013:0312 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57696 (BID)
oval:org.mitre.oval:def:19507 (OVAL)
oval:org.mitre.oval:def:19475 (OVAL)
oval:org.mitre.oval:def:19466 (OVAL)
oval:org.mitre.oval:def:16652 (OVAL)
CVE: CVE-2013-1478
Id:
CVE-2013-1478
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906894 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/d89bd26ac435 (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
http://www-01.ibm.com/support/docview.wss?uid=swg21645566 (CONFIRM)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
GLSA-201406-32 (GENTOO)
57686 (BID)
oval:org.mitre.oval:def:19529 (OVAL)
oval:org.mitre.oval:def:19454 (OVAL)
oval:org.mitre.oval:def:19429 (OVAL)
oval:org.mitre.oval:def:15733 (OVAL)
CVE: CVE-2013-1480
Id:
CVE-2013-1480
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0237 (REDHAT)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
RHSA-2013:0245 (REDHAT)
RHSA-2013:0247 (REDHAT)
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS (CONFIRM)
RHSA-2013:0246 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=906904 (CONFIRM)
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f (CONFIRM)
openSUSE-SU-2013:0377 (SUSE)
SUSE-SU-2013:0478 (SUSE)
HPSBUX02857 (HP)
SSRT101156 (HP)
HPSBMU02874 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056 (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
GLSA-201406-32 (GENTOO)
57691 (BID)
oval:org.mitre.oval:def:19504 (OVAL)
oval:org.mitre.oval:def:19351 (OVAL)
oval:org.mitre.oval:def:18845 (OVAL)
oval:org.mitre.oval:def:16045 (OVAL)
CVE: CVE-2013-1481
Id:
CVE-2013-1481
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (CONFIRM)
RHSA-2013:0236 (REDHAT)
TA13-032A (CERT)
VU#858729 (CERT-VN)
SUSE-SU-2013:0478 (SUSE)
HPSBMU02874 (HP)
SSRT101156 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
57718 (BID)
oval:org.mitre.oval:def:19268 (OVAL)
oval:org.mitre.oval:def:19170 (OVAL)
oval:org.mitre.oval:def:16430 (OVAL)
CVE: CVE-2013-1486
Id:
CVE-2013-1486
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
Comment:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html (CONFIRM)
openSUSE-SU-2013:0375 (SUSE)
SUSE-SU-2013:0328 (SUSE)
USN-1735-1 (UBUNTU)
openSUSE-SU-2013:0378 (SUSE)
TA13-051A (CERT)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
MDVSA-2013:095 (MANDRIVA)
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ (MISC)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084 (CONFIRM)
GLSA-201406-32 (GENTOO)
58029 (BID)
oval:org.mitre.oval:def:19469 (OVAL)
oval:org.mitre.oval:def:19402 (OVAL)
CVE: CVE-2013-1487
Id:
CVE-2013-1487
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1487
Comment:
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html (CONFIRM)
USN-1735-1 (UBUNTU)
TA13-051A (CERT)
HPSBMU02874 (HP)
HPSBUX02857 (HP)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
58031 (BID)
oval:org.mitre.oval:def:19511 (OVAL)
CVE: CVE-2013-1493
Id:
CVE-2013-1493
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
Comment:
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
CVSSv2 Score:
10
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html (MISC)
http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident (MISC)
https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/ (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=917553 (CONFIRM)
https://twitter.com/jduck1337/status/307629902574800897 (MISC)
USN-1755-2 (UBUNTU)
RHSA-2013:0604 (REDHAT)
SUSE-SU-2013:0434 (SUSE)
openSUSE-SU-2013:0438 (SUSE)
RHSA-2013:0601 (REDHAT)
RHSA-2013:0603 (REDHAT)
openSUSE-SU-2013:0430 (SUSE)
TA13-064A (CERT)
HPSBUX02857 (HP)
SSRT101156 (HP)
[distro-pkg-dev] 20130304 [SECURITY] IcedTea6 1.11.9 and 1.12.4 Released! (MLIST)
RHSA-2013:1455 (REDHAT)
RHSA-2013:1456 (REDHAT)
24904 (EXPLOIT-DB)
SUSE-SU-2013:0701 (SUSE)
VU#688246 (CERT-VN)
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html (CONFIRM)
MDVSA-2013:095 (MANDRIVA)
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088 (CONFIRM)
GLSA-201406-32 (GENTOO)
HPSBMU02964 (HP)
1029803 (SECTRACK)
58238 (BID)
oval:org.mitre.oval:def:19477 (OVAL)
oval:org.mitre.oval:def:19246 (OVAL)
http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml ()