Login

Tenable Community & Support

Tenable University

CVE-2013-0423

HIGH

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

References

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136570436423916&w=2

http://marc.info/?l=bugtraq&m=136733161405818&w=2

http://rhn.redhat.com/errata/RHSA-2013-0236.html

http://rhn.redhat.com/errata/RHSA-2013-0237.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://www.kb.cert.org/vuls/id/858729

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

http://www.securityfocus.com/bid/57716

http://www.us-cert.gov/cas/techalerts/TA13-032A.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16476

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18869

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19425

Details

Source: MITRE

Published: 2013-02-02

Updated: 2017-09-19

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

ID	Name	Product	Family	Severity
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	critical
65597	SuSE 11.2 Security Update : Java (SAT Patch Number 7481)	Nessus	SuSE Local Security Checks	critical
65570	SuSE 10 Security Update : Java (ZYPP Patch Number 8495)	Nessus	SuSE Local Security Checks	critical
65246	SuSE 11.2 Security Update : Java (SAT Patch Number 7454)	Nessus	SuSE Local Security Checks	critical
65204	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0626)	Nessus	Red Hat Local Security Checks	critical
65203	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0625)	Nessus	Red Hat Local Security Checks	critical
64850	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)	Nessus	Misc.	critical
64700	Mac OS X : Java for OS X 2013-001	Nessus	MacOS X Local Security Checks	critical
64639	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1724-1)	Nessus	Ubuntu Local Security Checks	critical
64605	Scientific Linux Security Update : jdk-1.6.0 on SL 5.0 - 5.8 (i386 x86_64) (20130205)	Nessus	Scientific Linux Local Security Checks	critical
64472	Mac OS X : Java for Mac OS X 10.6 Update 12	Nessus	MacOS X Local Security Checks	critical
64468	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0237)	Nessus	Red Hat Local Security Checks	critical
64467	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0236)	Nessus	Red Hat Local Security Checks	critical
64454	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)	Nessus	Windows	critical
6685	Oracle Java SE 7 <= Update 11 Multiple Vulnerabilities (February 2013 CPU)	Nessus Network Monitor	Web Clients	critical