Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0435

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-0435
Last Modified 04 Oct 2014 01:01:40
Published 01 Feb 2013 07:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0435

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."

Vulnerable Systems

Application

  • Oracle Jdk 1.6.0

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.6.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

REDHAT - RHSA-2013:0237

REDHAT - RHSA-2013:0236

CERT - TA13-032A

CERT-VN - VU#858729

REDHAT - RHSA-2013:0247

REDHAT - RHSA-2013:0246

REDHAT - RHSA-2013:0245

SUSE - openSUSE-SU-2013:0377

SUSE - openSUSE-SU-2013:0312

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892

HP - SSRT101184

HP - HPSBMU02874

HP - SSRT101156

HP - HPSBUX02864

HP - HPSBUX02857

HP - SSRT101103

REDHAT - RHSA-2013:1456

REDHAT - RHSA-2013:1455

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

MANDRIVA - MDVSA-2013:095

GENTOO - GLSA-201406-32

Related Patches

Apple 2013-02-01 Java for Mac OS X 10.6 Update 12

Apple 2013-02-19 Java for OS X 2013-001

Oracle Java JRE 1.6.0_39 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.6.0_39 for Windows (Update) (64Bit) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 i586

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 x86_64

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:47