Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.6
CVE Id CVE-2013-0429
Last Modified 04 Oct 2014 01:01:37
Published 01 Feb 2013 07:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-0429

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.

Vulnerable Systems

Application

  • Oracle Jdk 1.5.0

  • Oracle Jdk 1.6.0

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.5.0

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jdk 1.5.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

REDHAT - RHSA-2013:0237

REDHAT - RHSA-2013:0236

CERT - TA13-032A

CERT-VN - VU#858729

REDHAT - RHSA-2013:0247

REDHAT - RHSA-2013:0246

REDHAT - RHSA-2013:0245

SUSE - openSUSE-SU-2013:0377

SUSE - openSUSE-SU-2013:0312

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/c1ed8145c1b8

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460

HP - SSRT101184

HP - HPSBMU02874

HP - SSRT101156

HP - HPSBUX02864

HP - HPSBUX02857

HP - SSRT101103

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

MANDRIVA - MDVSA-2013:095

GENTOO - GLSA-201406-32

Related Patches

Apple 2013-02-01 Java for Mac OS X 10.6 Update 12

Apple 2013-02-19 Java for OS X 2013-001

Oracle Java JRE 1.6.0_39 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.6.0_39 for Windows (Update) (64Bit) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 i586

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 x86_64


Last Updated: 27 May 2016 11:01:46