
CVE-2013-0435

Published: 02/02/2013 Updated: 13/05/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote malicious users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."

Vulnerable Product

oracle jre 1.7.0

oracle jdk 1.7.0

sun jre 1.6.0

oracle jre 1.6.0

sun jdk 1.6.0

oracle jdk 1.6.0

Vendor Advisories

Several security issues were fixed in OpenJDK ...
Synopsis: Important: java-1.6.0-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security im ...
Synopsis: Critical: java-1.6.0-openjdk security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impac ...
Synopsis: Critical: java-1.6.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update. Type/Severity: Security Advisory: Low. Topic: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.5. The Red Hat Security Response Team has rated this update as ha ...
Synopsis: Critical: java-1.7.0-ibm security update. Type/Severity: Security Advisory: Critical. Topic: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical se ...
Synopsis: Important: java-1.7.0-openjdk security update. Type/Severity: Security Advisory: Important. Topic: Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important secur ...
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update. Type/Severity: Security Advisory: Low. Topic: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.4. The Red Hat Security Response Team has rated this update as ha ...
Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple flaws were found in the way image parsers in the 2D and AWT components handled image raster parameters. A specially-crafted ...
Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475, CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE- ...

References

NVD-CWE-noinfo
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0236.html
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
http://www.kb.cert.org/vuls/id/858729
http://rhn.redhat.com/errata/RHSA-2013-0245.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291
http://rhn.redhat.com/errata/RHSA-2013-0246.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136570436423916&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.securityfocus.com/bid/57729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19078
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16489
https://usn.ubuntu.com/1724-1/
https://nvd.nist.gov
https://www.kb.cert.org/vuls/id/858729