CVE-2013-0434

MEDIUM

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.

ID	Name	Product	Family	Severity
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
74907	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)	Nessus	SuSE Local Security Checks	critical
74896	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0308-1)	Nessus	SuSE Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	high
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	high
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	high
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	high
68728	Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0247)	Nessus	Oracle Linux Local Security Checks	critical
68727	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0246)	Nessus	Oracle Linux Local Security Checks	critical
68726	Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0245)	Nessus	Oracle Linux Local Security Checks	critical
66107	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)	Nessus	Mandriva Local Security Checks	critical
65599	SuSE 10 Security Update : Java (ZYPP Patch Number 8483)	Nessus	SuSE Local Security Checks	critical
65597	SuSE 11.2 Security Update : Java (SAT Patch Number 7481)	Nessus	SuSE Local Security Checks	critical
65570	SuSE 10 Security Update : Java (ZYPP Patch Number 8495)	Nessus	SuSE Local Security Checks	critical
65546	SuSE 10 Security Update : Java (ZYPP Patch Number 8481)	Nessus	SuSE Local Security Checks	critical
65545	SuSE 11.2 Security Update : Java (SAT Patch Number 7450)	Nessus	SuSE Local Security Checks	critical
65246	SuSE 11.2 Security Update : Java (SAT Patch Number 7454)	Nessus	SuSE Local Security Checks	critical
65204	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0626)	Nessus	Red Hat Local Security Checks	critical
65203	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0625)	Nessus	Red Hat Local Security Checks	critical
65202	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)	Nessus	Red Hat Local Security Checks	critical
64850	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)	Nessus	Misc.	critical
64780	SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)	Nessus	SuSE Local Security Checks	critical
64700	Mac OS X : Java for OS X 2013-001	Nessus	MacOS X Local Security Checks	critical
64639	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1724-1)	Nessus	Ubuntu Local Security Checks	critical
64605	Scientific Linux Security Update : jdk-1.6.0 on SL 5.0 - 5.8 (i386 x86_64)	Nessus	Scientific Linux Local Security Checks	critical
64563	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)	Nessus	Mandriva Local Security Checks	critical
64537	CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0247)	Nessus	CentOS Local Security Checks	critical
64536	CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)	Nessus	CentOS Local Security Checks	critical
64523	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
64522	Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
64521	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
64520	RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0247)	Nessus	Red Hat Local Security Checks	critical
64519	RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)	Nessus	Red Hat Local Security Checks	critical
64518	RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)	Nessus	Red Hat Local Security Checks	critical
64512	CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)	Nessus	CentOS Local Security Checks	critical
64472	Mac OS X : Java for Mac OS X 10.6 Update 12	Nessus	MacOS X Local Security Checks	critical
64468	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0237)	Nessus	Red Hat Local Security Checks	critical
64467	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0236)	Nessus	Red Hat Local Security Checks	critical
64454	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)	Nessus	Windows	critical
6685	Oracle Java SE 7 <= Update 11 Multiple Vulnerabilities (February 2013 CPU)	Nessus Network Monitor	Web Clients	critical

CVE-2013-0434

Description

References

Details

Risk Information

CVSS v2.0