CVE-2013-1493 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
oracle	jre	𝑥 ≤ 1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	1.7.0
oracle	jre	𝑥 ≤ 1.5.0
oracle	jre	1.5.0
oracle	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
sun	jre	1.5.0
oracle	jdk	𝑥 ≤ 1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
oracle	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
sun	jdk	1.6.0
oracle	jre	𝑥 ≤ 1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
oracle	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
sun	jre	1.6.0
oracle	jdk	𝑥 ≤ 1.5.0
oracle	jdk	1.5.0
oracle	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
sun	jdk	1.5.0
oracle	jdk	𝑥 ≤ 1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0
oracle	jdk	1.7.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

openjdk-6

hardy	Fixed 6b27-1.12.3-0ubuntu1~8.04.2 released
lucid	Fixed 6b27-1.12.3-0ubuntu1~10.04.1 released
oneiric	Fixed 6b27-1.12.3-0ubuntu1~11.10.1 released
precise	Fixed 6b27-1.12.3-0ubuntu1~12.04.1 released
quantal	Fixed 6b27-1.12.3-0ubuntu1~12.10.1 released

openjdk-6b18

hardy	dne
lucid	ignored
oneiric	ignored
precise	dne
quantal	dne

openjdk-7

hardy	dne
lucid	dne
oneiric	Fixed 7u15-2.3.7-0ubuntu1~11.10.1 released
precise	Fixed 7u15-2.3.7-0ubuntu1~12.04.1 released
quantal	Fixed 7u15-2.3.7-0ubuntu1~12.10.1 released

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://rhn.redhat.com/errata/RHSA-2013-0601.html

http://rhn.redhat.com/errata/RHSA-2013-0603.html

http://rhn.redhat.com/errata/RHSA-2013-0604.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.exploit-db.com/exploits/24904

http://www.kb.cert.org/vuls/id/688246

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

http://www.securityfocus.com/bid/58238

http://www.securitytracker.com/id/1029803

http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

http://www.ubuntu.com/usn/USN-1755-2

http://www.us-cert.gov/ncas/alerts/TA13-064A

https://bugzilla.redhat.com/show_bug.cgi?id=917553

https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477

https://twitter.com/jduck1337/status/307629902574800897

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html

http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://rhn.redhat.com/errata/RHSA-2013-0601.html

http://rhn.redhat.com/errata/RHSA-2013-0603.html

http://rhn.redhat.com/errata/RHSA-2013-0604.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.exploit-db.com/exploits/24904

http://www.kb.cert.org/vuls/id/688246

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

http://www.securityfocus.com/bid/58238

http://www.securitytracker.com/id/1029803

http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

http://www.ubuntu.com/usn/USN-1755-2

http://www.us-cert.gov/ncas/alerts/TA13-064A

https://bugzilla.redhat.com/show_bug.cgi?id=917553

https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477

https://twitter.com/jduck1337/status/307629902574800897

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088