CVE-2013-0431

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.

References

http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/

http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

http://marc.info/?l=bugtraq&m=136439120408139&w=2

http://marc.info/?l=bugtraq&m=136733161405818&w=2

http://rhn.redhat.com/errata/RHSA-2013-0237.html

http://rhn.redhat.com/errata/RHSA-2013-0247.html

http://seclists.org/fulldisclosure/2013/Jan/142

http://seclists.org/fulldisclosure/2013/Jan/195

http://security.gentoo.org/glsa/glsa-201406-32.xml

http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717

http://www.kb.cert.org/vuls/id/858729

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

http://www.securityfocus.com/archive/1/525387/30/0/threaded

http://www.us-cert.gov/cas/techalerts/TA13-032A.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16579

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19418

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Details

Source: MITRE

Published: 2013-01-31

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
76303GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)NessusGentoo Local Security Checks
critical
74907openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)NessusSuSE Local Security Checks
critical
71861IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)NessusWindows
critical
71859IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)NessusMisc.
critical
70744IBM Notes 8.5.x < 8.5.3 FP5 Multiple VulnerabilitiesNessusWindows
critical
70743IBM Domino 8.5.x < 8.5.3 FP5 Multiple VulnerabilitiesNessusWindows
critical
70742IBM Domino 8.5.x < 8.5.3 FP 5 Multiple VulnerabilitiesNessusMisc.
critical
69715Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-156)NessusAmazon Linux Local Security Checks
critical
68728Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0247)NessusOracle Linux Local Security Checks
critical
66107Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)NessusMandriva Local Security Checks
critical
65246SuSE 11.2 Security Update : Java (SAT Patch Number 7454)NessusSuSE Local Security Checks
critical
65204RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0626)NessusRed Hat Local Security Checks
critical
64850Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)NessusMisc.
critical
64537CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0247)NessusCentOS Local Security Checks
critical
64523Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130208)NessusScientific Linux Local Security Checks
critical
64520RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0247)NessusRed Hat Local Security Checks
critical
64468RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0237)NessusRed Hat Local Security Checks
critical
64454Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)NessusWindows
critical
6685Oracle Java SE 7 <= Update 11 Multiple Vulnerabilities (February 2013 CPU)Nessus Network MonitorWeb Clients
critical