Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0440

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-0440
Last Modified 02 Mar 2015 09:59:23
Published 01 Feb 2013 07:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0440

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.

Vulnerable Systems

Application

  • Oracle Jdk 1.4.2 38

  • Oracle Jdk 1.4.2 40

  • Oracle Jdk 1.5.0

  • Oracle Jdk 1.6.0

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.4.2 38

  • Oracle Jre 1.4.2 40

  • Oracle Jre 1.5.0

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jdk 1.4.2

  • Sun Jdk 1.4.2 1

  • Sun Jdk 1.4.2 10

  • Sun Jdk 1.4.2 11

  • Sun Jdk 1.4.2 12

  • Sun Jdk 1.4.2 13

  • Sun Jdk 1.4.2 14

  • Sun Jdk 1.4.2 15

  • Sun Jdk 1.4.2 16

  • Sun Jdk 1.4.2 17

  • Sun Jdk 1.4.2 18

  • Sun Jdk 1.4.2 19

  • Sun Jdk 1.4.2 2

  • Sun Jdk 1.4.2 22

  • Sun Jdk 1.4.2 23

  • Sun Jdk 1.4.2 25

  • Sun Jdk 1.4.2 26

  • Sun Jdk 1.4.2 27

  • Sun Jdk 1.4.2 28

  • Sun Jdk 1.4.2 29

  • Sun Jdk 1.4.2 3

  • Sun Jdk 1.4.2 30

  • Sun Jdk 1.4.2 31

  • Sun Jdk 1.4.2 32

  • Sun Jdk 1.4.2 33

  • Sun Jdk 1.4.2 34

  • Sun Jdk 1.4.2 35

  • Sun Jdk 1.4.2 36

  • Sun Jdk 1.4.2 37

  • Sun Jdk 1.4.2 4

  • Sun Jdk 1.4.2 5

  • Sun Jdk 1.4.2 6

  • Sun Jdk 1.4.2 7

  • Sun Jdk 1.4.2 8

  • Sun Jdk 1.4.2 9

  • Sun Jdk 1.5.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.4.2

  • Sun Jre 1.4.2 1

  • Sun Jre 1.4.2 10

  • Sun Jre 1.4.2 11

  • Sun Jre 1.4.2 12

  • Sun Jre 1.4.2 13

  • Sun Jre 1.4.2 14

  • Sun Jre 1.4.2 15

  • Sun Jre 1.4.2 16

  • Sun Jre 1.4.2 17

  • Sun Jre 1.4.2 18

  • Sun Jre 1.4.2 19

  • Sun Jre 1.4.2 2

  • Sun Jre 1.4.2 20

  • Sun Jre 1.4.2 21

  • Sun Jre 1.4.2 22

  • Sun Jre 1.4.2 23

  • Sun Jre 1.4.2 24

  • Sun Jre 1.4.2 25

  • Sun Jre 1.4.2 26

  • Sun Jre 1.4.2 27

  • Sun Jre 1.4.2 28

  • Sun Jre 1.4.2 29

  • Sun Jre 1.4.2 3

  • Sun Jre 1.4.2 30

  • Sun Jre 1.4.2 31

  • Sun Jre 1.4.2 32

  • Sun Jre 1.4.2 33

  • Sun Jre 1.4.2 34

  • Sun Jre 1.4.2 35

  • Sun Jre 1.4.2 36

  • Sun Jre 1.4.2 37

  • Sun Jre 1.4.2 4

  • Sun Jre 1.4.2 5

  • Sun Jre 1.4.2 6

  • Sun Jre 1.4.2 7

  • Sun Jre 1.4.2 8

  • Sun Jre 1.4.2 9

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

REDHAT - RHSA-2013:0237

REDHAT - RHSA-2013:0236

CERT - TA13-032A

CERT-VN - VU#858729

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=859140

REDHAT - RHSA-2013:0247

REDHAT - RHSA-2013:0246

REDHAT - RHSA-2013:0245

SUSE - openSUSE-SU-2013:0377

SUSE - openSUSE-SU-2013:0312

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

SUSE - SUSE-SU-2013:0478

HP - SSRT101184

HP - HPSBMU02874

HP - HPSBUX02864

HP - SSRT101156

HP - HPSBUX02857

HP - SSRT101103

REDHAT - RHSA-2013:1456

REDHAT - RHSA-2013:1455

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

MANDRIVA - MDVSA-2013:095

GENTOO - GLSA-201406-32

BID - 57712

Related Patches

Apple 2013-02-01 Java for Mac OS X 10.6 Update 12

Apple 2013-02-19 Java for OS X 2013-001

Oracle Java JRE 1.6.0_39 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.6.0_39 for Windows (Update) (64Bit) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 i586

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 x86_64

Novell SUSE 2013:7450 java-1_4_2-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7450 java-1_4_2-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:8481 java-1_4_2-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8481 java-1_4_2-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLE 10 SP4 i586

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLE 10 SP4 x86_64

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:47