Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1476

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2013-1476
Last Modified 04 Oct 2014 01:04:37
Published 01 Feb 2013 07:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1476

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."

Vulnerable Systems

Application

  • Oracle Jdk 1.4.2 38

  • Oracle Jdk 1.4.2 40

  • Oracle Jdk 1.5.0

  • Oracle Jdk 1.6.0

  • Oracle Jdk 1.7.0

  • Oracle Jre 1.4.2 38

  • Oracle Jre 1.4.2 40

  • Oracle Jre 1.5.0

  • Oracle Jre 1.6.0

  • Oracle Jre 1.7.0

  • Sun Jdk 1.4.2

  • Sun Jdk 1.4.2 1

  • Sun Jdk 1.4.2 10

  • Sun Jdk 1.4.2 11

  • Sun Jdk 1.4.2 12

  • Sun Jdk 1.4.2 13

  • Sun Jdk 1.4.2 14

  • Sun Jdk 1.4.2 15

  • Sun Jdk 1.4.2 16

  • Sun Jdk 1.4.2 17

  • Sun Jdk 1.4.2 18

  • Sun Jdk 1.4.2 19

  • Sun Jdk 1.4.2 2

  • Sun Jdk 1.4.2 22

  • Sun Jdk 1.4.2 23

  • Sun Jdk 1.4.2 25

  • Sun Jdk 1.4.2 26

  • Sun Jdk 1.4.2 27

  • Sun Jdk 1.4.2 28

  • Sun Jdk 1.4.2 29

  • Sun Jdk 1.4.2 3

  • Sun Jdk 1.4.2 30

  • Sun Jdk 1.4.2 31

  • Sun Jdk 1.4.2 32

  • Sun Jdk 1.4.2 33

  • Sun Jdk 1.4.2 34

  • Sun Jdk 1.4.2 35

  • Sun Jdk 1.4.2 36

  • Sun Jdk 1.4.2 37

  • Sun Jdk 1.4.2 4

  • Sun Jdk 1.4.2 5

  • Sun Jdk 1.4.2 6

  • Sun Jdk 1.4.2 7

  • Sun Jdk 1.4.2 8

  • Sun Jdk 1.4.2 9

  • Sun Jdk 1.5.0

  • Sun Jdk 1.6.0

  • Sun Jre 1.4.2

  • Sun Jre 1.4.2 1

  • Sun Jre 1.4.2 10

  • Sun Jre 1.4.2 11

  • Sun Jre 1.4.2 12

  • Sun Jre 1.4.2 13

  • Sun Jre 1.4.2 14

  • Sun Jre 1.4.2 15

  • Sun Jre 1.4.2 16

  • Sun Jre 1.4.2 17

  • Sun Jre 1.4.2 18

  • Sun Jre 1.4.2 19

  • Sun Jre 1.4.2 2

  • Sun Jre 1.4.2 20

  • Sun Jre 1.4.2 21

  • Sun Jre 1.4.2 22

  • Sun Jre 1.4.2 23

  • Sun Jre 1.4.2 24

  • Sun Jre 1.4.2 25

  • Sun Jre 1.4.2 26

  • Sun Jre 1.4.2 27

  • Sun Jre 1.4.2 28

  • Sun Jre 1.4.2 29

  • Sun Jre 1.4.2 3

  • Sun Jre 1.4.2 30

  • Sun Jre 1.4.2 31

  • Sun Jre 1.4.2 32

  • Sun Jre 1.4.2 33

  • Sun Jre 1.4.2 34

  • Sun Jre 1.4.2 35

  • Sun Jre 1.4.2 36

  • Sun Jre 1.4.2 37

  • Sun Jre 1.4.2 4

  • Sun Jre 1.4.2 5

  • Sun Jre 1.4.2 6

  • Sun Jre 1.4.2 7

  • Sun Jre 1.4.2 8

  • Sun Jre 1.4.2 9

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0


References

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

REDHAT - RHSA-2013:0237

REDHAT - RHSA-2013:0236

CERT - TA13-032A

CERT-VN - VU#858729

REDHAT - RHSA-2013:0247

REDHAT - RHSA-2013:0246

REDHAT - RHSA-2013:0245

SUSE - openSUSE-SU-2013:0377

SUSE - openSUSE-SU-2013:0312

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210

CONFIRM - http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

CONFIRM - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457

SUSE - SUSE-SU-2013:0478

HP - SSRT101184

HP - HPSBMU02874

HP - SSRT101156

HP - HPSBUX02864

HP - HPSBUX02857

HP - SSRT101103

REDHAT - RHSA-2013:1456

REDHAT - RHSA-2013:1455

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

MANDRIVA - MDVSA-2013:095

GENTOO - GLSA-201406-32

Related Patches

Apple 2013-02-01 Java for Mac OS X 10.6 Update 12

Oracle Java JRE 1.6.0_39 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_13 for Mac OS X (Update)

Oracle Java JRE 1.6.0_39 for Windows (Update) (64Bit) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_13 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 i586

Novell SUSE 2013:7332 java-1_6_0-openjdk security update for SLED 11 SP2 x86_64

Novell SUSE 2013:7450 java-1_4_2-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7450 java-1_4_2-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7454 java-1_7_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 i586

Novell SUSE 2013:7481 java-1_6_0-ibm security update for SLES 11 SP2 x86_64

Novell SUSE 2013:8481 java-1_4_2-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8481 java-1_4_2-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLE 10 SP4 i586

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLE 10 SP4 x86_64

Novell SUSE 2013:8483 java-1_5_0-ibm security update for SLES 10 SP4 x86_64

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 i586

Novell SUSE 2013:8495 java-1_6_0-ibm security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:01:47