CVE-2013-0424

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
oracleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
oraclejre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
sunjre
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
oraclejdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
sunjdk
1.6.0
oraclejre
1.5.0
oraclejre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
oraclejdk
1.5.0
oraclejdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
sunjdk
1.5.0
oraclejre
𝑥
≤ 1.4.2_40
oraclejre
1.4.2_38:_38
sunjre
1.4.2
sunjre
1.4.2_1:_1
sunjre
1.4.2_2:_2
sunjre
1.4.2_3:_3
sunjre
1.4.2_4:_4
sunjre
1.4.2_5:_5
sunjre
1.4.2_6:_6
sunjre
1.4.2_7:_7
sunjre
1.4.2_8:_8
sunjre
1.4.2_9:_9
sunjre
1.4.2_10:_10
sunjre
1.4.2_11:_11
sunjre
1.4.2_12:_12
sunjre
1.4.2_13:_13
sunjre
1.4.2_14:_14
sunjre
1.4.2_15:_15
sunjre
1.4.2_16:_16
sunjre
1.4.2_17:_17
sunjre
1.4.2_18:_18
sunjre
1.4.2_19:_19
sunjre
1.4.2_20:_20
sunjre
1.4.2_21:_21
sunjre
1.4.2_22:_22
sunjre
1.4.2_23:_23
sunjre
1.4.2_24:_24
sunjre
1.4.2_25:_25
sunjre
1.4.2_26:_26
sunjre
1.4.2_27:_27
sunjre
1.4.2_28:_28
sunjre
1.4.2_29:_29
sunjre
1.4.2_30:_30
sunjre
1.4.2_31:_31
sunjre
1.4.2_32:_32
sunjre
1.4.2_33:_33
sunjre
1.4.2_34:_34
sunjre
1.4.2_35:_35
sunjre
1.4.2_36:_36
sunjre
1.4.2_37:_37
oraclejdk
𝑥
≤ 1.4.2_40
oraclejdk
1.4.2_38:_38
sunjdk
1.4.2
sunjdk
1.4.2_1:_1
sunjdk
1.4.2_2:_2
sunjdk
1.4.2_3:_3
sunjdk
1.4.2_4:_4
sunjdk
1.4.2_5:_5
sunjdk
1.4.2_6:_6
sunjdk
1.4.2_7:_7
sunjdk
1.4.2_8:_8
sunjdk
1.4.2_9:_9
sunjdk
1.4.2_10:_10
sunjdk
1.4.2_11:_11
sunjdk
1.4.2_12:_12
sunjdk
1.4.2_13:_13
sunjdk
1.4.2_14:_14
sunjdk
1.4.2_15:_15
sunjdk
1.4.2_16:_16
sunjdk
1.4.2_17:_17
sunjdk
1.4.2_18:_18
sunjdk
1.4.2_19:_19
sunjdk
1.4.2_22:_22
sunjdk
1.4.2_23:_23
sunjdk
1.4.2_25:_25
sunjdk
1.4.2_26:_26
sunjdk
1.4.2_27:_27
sunjdk
1.4.2_28:_28
sunjdk
1.4.2_29:_29
sunjdk
1.4.2_30:_30
sunjdk
1.4.2_31:_31
sunjdk
1.4.2_32:_32
sunjdk
1.4.2_33:_33
sunjdk
1.4.2_34:_34
sunjdk
1.4.2_35:_35
sunjdk
1.4.2_36:_36
sunjdk
1.4.2_37:_37
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
quantal
Fixed 6b27-1.12.1-2ubuntu0.12.10.2
released
precise
Fixed 6b27-1.12.1-2ubuntu0.12.04.2
released
oneiric
Fixed 6b27-1.12.1-2ubuntu0.11.10.2
released
lucid
Fixed 6b27-1.12.1-2ubuntu0.10.04.2
released
hardy
Fixed 6b27-1.12.3-0ubuntu1~08.04.1
released
openjdk-6b18
quantal
dne
precise
dne
oneiric
ignored
lucid
ignored
hardy
dne
openjdk-7
quantal
Fixed 7u13-2.3.6-0ubuntu0.12.10.1
released
precise
Fixed 7u13-2.3.6-0ubuntu0.12.04.1
released
oneiric
Fixed 7u13-2.3.6-0ubuntu0.11.10.2
released
lucid
dne
hardy
dne
sun-java5
quantal
dne
precise
dne
oneiric
dne
lucid
dne
hardy
ignored
sun-java6
quantal
dne
precise
dne
oneiric
dne
lucid
dne
hardy
ignored
References
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e173569e1e7
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136570436423916&w=2
http://marc.info/?l=bugtraq&m=136570436423916&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0236.html
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0245.html
http://rhn.redhat.com/errata/RHSA-2013-0246.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.kb.cert.org/vuls/id/858729
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.securityfocus.com/bid/57715
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
https://bugzilla.redhat.com/show_bug.cgi?id=906813
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19522
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e173569e1e7
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136570436423916&w=2
http://marc.info/?l=bugtraq&m=136570436423916&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0236.html
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0245.html
http://rhn.redhat.com/errata/RHSA-2013-0246.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.kb.cert.org/vuls/id/858729
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.securityfocus.com/bid/57715
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
https://bugzilla.redhat.com/show_bug.cgi?id=906813
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19423
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19522
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056