Podatność CVE-2013-2419
Publikacja: 2013-04-17   Modyfikacja: 2013-04-18

Opis:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
Java ActiveX Control Memory Corruption
A. Antukh
18.04.2013
High
iTunes 11.2.2 for Windows: completely outdated and vulnerable 3rd party libraries
Stefan Kanthak
09.07.2014

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
5/10
2.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Brak
Częściowy
Affected software
SUN -> JDK 
SUN -> JRE 
Oracle -> JDK 
Oracle -> JRE 

 Referencje:
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
http://bugs.icu-project.org/trac/ticket/10107
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
http://marc.info/?l=bugtraq&m=137283787217316&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16527
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19386
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19526
http://rhn.redhat.com/errata/RHSA-2013-0752.html
http://rhn.redhat.com/errata/RHSA-2013-0757.html
http://rhn.redhat.com/errata/RHSA-2013-0758.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://site.icu-project.org/download/51#TOC-Known-Issues
http://www.mandriva.com/security/advisories?name=MDVSA-2013:145
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
http://www.securityfocus.com/bid/59131
http://www.ubuntu.com/usn/USN-1806-1
http://www.us-cert.gov/ncas/alerts/TA13-107A
https://bugzilla.redhat.com/show_bug.cgi?id=952656
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Copyright 2024, cxsecurity.com

 

Back to Top