CVE-2013-1493 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
oracle	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Vendor	Product	Version
oracle	jre	𝑥 ≤ 1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	𝑥 ≤ 1.5.0
oracle	jre	1.5.0
oracle	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
oracle	jdk	𝑥 ≤ 1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
oracle	jre	𝑥 ≤ 1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
oracle	jdk	𝑥 ≤ 1.5.0
oracle	jdk	1.5.0
oracle	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
oracle	jdk	𝑥 ≤ 1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

quantal	Fixed 6b27-1.12.3-0ubuntu1~12.10.1 released
precise	Fixed 6b27-1.12.3-0ubuntu1~12.04.1 released
oneiric	Fixed 6b27-1.12.3-0ubuntu1~11.10.1 released
lucid	Fixed 6b27-1.12.3-0ubuntu1~10.04.1 released
hardy	Fixed 6b27-1.12.3-0ubuntu1~8.04.2 released

openjdk-6b18

quantal	dne
precise	dne
oneiric	ignored
lucid	ignored
hardy	dne

openjdk-7

quantal	Fixed 7u15-2.3.7-0ubuntu1~12.10.1 released
precise	Fixed 7u15-2.3.7-0ubuntu1~12.04.1 released
oneiric	Fixed 7u15-2.3.7-0ubuntu1~11.10.1 released
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://rhn.redhat.com/errata/RHSA-2013-0601.html

http://rhn.redhat.com/errata/RHSA-2013-0603.html

http://rhn.redhat.com/errata/RHSA-2013-0604.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.exploit-db.com/exploits/24904

http://www.kb.cert.org/vuls/id/688246

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

http://www.securityfocus.com/bid/58238

http://www.securitytracker.com/id/1029803

http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

http://www.ubuntu.com/usn/USN-1755-2

http://www.us-cert.gov/ncas/alerts/TA13-064A

https://bugzilla.redhat.com/show_bug.cgi?id=917553

https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477

https://twitter.com/jduck1337/status/307629902574800897

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://rhn.redhat.com/errata/RHSA-2013-0601.html

http://rhn.redhat.com/errata/RHSA-2013-0603.html

http://rhn.redhat.com/errata/RHSA-2013-0604.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.exploit-db.com/exploits/24904

http://www.kb.cert.org/vuls/id/688246

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

http://www.securityfocus.com/bid/58238

http://www.securitytracker.com/id/1029803

http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

http://www.ubuntu.com/usn/USN-1755-2

http://www.us-cert.gov/ncas/alerts/TA13-064A

https://bugzilla.redhat.com/show_bug.cgi?id=917553

https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477

https://twitter.com/jduck1337/status/307629902574800897

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088