Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0425

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2013-0425
Last Modified 04 Oct 2014 01:01:36
Published 01 Feb 2013 07:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0425

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.

Vulnerable Systems

Application

  • Oracle Jdk 1.4.2 38

  • Oracle Jdk 1.4.2 40

  • Oracle Jdk 1.5.0

  • Oracle Jdk 1.6.0

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.4.2 38

  • Oracle Jre 1.4.2 40

  • Oracle Jre 1.5.0

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jdk 1.4.2

  • Sun Jdk 1.4.2 1

  • Sun Jdk 1.4.2 10

  • Sun Jdk 1.4.2 11

  • Sun Jdk 1.4.2 12

  • Sun Jdk 1.4.2 13

  • Sun Jdk 1.4.2 14

  • Sun Jdk 1.4.2 15

  • Sun Jdk 1.4.2 16

  • Sun Jdk 1.4.2 17

  • Sun Jdk 1.4.2 18

  • Sun Jdk 1.4.2 19

  • Sun Jdk 1.4.2 2

  • Sun Jdk 1.4.2 22

  • Sun Jdk 1.4.2 23

  • Sun Jdk 1.4.2 25

  • Sun Jdk 1.4.2 26

  • Sun Jdk 1.4.2 27

  • Sun Jdk 1.4.2 28

  • Sun Jdk 1.4.2 29

  • Sun Jdk 1.4.2 3

  • Sun Jdk 1.4.2 30

  • Sun Jdk 1.4.2 31

  • Sun Jdk 1.4.2 32

  • Sun Jdk 1.4.2 33

  • Sun Jdk 1.4.2 34

  • Sun Jdk 1.4.2 35

  • Sun Jdk 1.4.2 36

  • Sun Jdk 1.4.2 37

  • Sun Jdk 1.4.2 4

  • Sun Jdk 1.4.2 5

  • Sun Jdk 1.4.2 6

  • Sun Jdk 1.4.2 7

  • Sun Jdk 1.4.2 8

  • Sun Jdk 1.4.2 9

  • Sun Jdk 1.5.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.4.2

  • Sun Jre 1.4.2 1

  • Sun Jre 1.4.2 10

  • Sun Jre 1.4.2 11

  • Sun Jre 1.4.2 12

  • Sun Jre 1.4.2 13

  • Sun Jre 1.4.2 14

  • Sun Jre 1.4.2 15

  • Sun Jre 1.4.2 16

  • Sun Jre 1.4.2 17

  • Sun Jre 1.4.2 18

  • Sun Jre 1.4.2 19

  • Sun Jre 1.4.2 2

  • Sun Jre 1.4.2 20

  • Sun Jre 1.4.2 21

  • Sun Jre 1.4.2 22

  • Sun Jre 1.4.2 23

  • Sun Jre 1.4.2 24

  • Sun Jre 1.4.2 25

  • Sun Jre 1.4.2 26

  • Sun Jre 1.4.2 27

  • Sun Jre 1.4.2 28

  • Sun Jre 1.4.2 29

  • Sun Jre 1.4.2 3

  • Sun Jre 1.4.2 30

  • Sun Jre 1.4.2 31

  • Sun Jre 1.4.2 32

  • Sun Jre 1.4.2 33

  • Sun Jre 1.4.2 34

  • Sun Jre 1.4.2 35

  • Sun Jre 1.4.2 36

  • Sun Jre 1.4.2 37

  • Sun Jre 1.4.2 4

  • Sun Jre 1.4.2 5

  • Sun Jre 1.4.2 6

  • Sun Jre 1.4.2 7

  • Sun Jre 1.4.2 8

  • Sun Jre 1.4.2 9

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

REDHAT - RHSA-2013:0237

REDHAT - RHSA-2013:0236

CERT - TA13-032A

CERT-VN - VU#858729

REDHAT - RHSA-2013:0247

REDHAT - RHSA-2013:0246

REDHAT - RHSA-2013:0245

SUSE - openSUSE-SU-2013:0377

SUSE - openSUSE-SU-2013:0312

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344

SUSE - SUSE-SU-2013:0478

HP - SSRT101184

HP - HPSBMU02874

HP - SSRT101156

HP - HPSBUX02864

HP - HPSBUX02857

HP - SSRT101103

REDHAT - RHSA-2013:1456

REDHAT - RHSA-2013:1455

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

MANDRIVA - MDVSA-2013:095

GENTOO - GLSA-201406-32

Related Patches

Apple 2013-02-01 Java for Mac OS X 10.6 Update 12

Apple 2013-02-19 Java for OS X 2013-001

Oracle Java JRE 1.6.0_39 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.6.0_39 for Windows (Update) (64Bit) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 i586

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 x86_64

Novell SUSE 2013:7450 java-1_4_2-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7450 java-1_4_2-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:8481 java-1_4_2-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8481 java-1_4_2-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLE 10 SP4 i586

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLE 10 SP4 x86_64

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:46