CVE-2013-0443

MEDIUM

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.

ID	Name	Product	Family	Severity
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
77326	Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)	Nessus	Misc.	critical
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
74907	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)	Nessus	SuSE Local Security Checks	critical
74896	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0308-1)	Nessus	SuSE Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	critical
69715	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-156)	Nessus	Amazon Linux Local Security Checks	critical
69714	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-155)	Nessus	Amazon Linux Local Security Checks	critical
68728	Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0247)	Nessus	Oracle Linux Local Security Checks	critical
68727	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0246)	Nessus	Oracle Linux Local Security Checks	critical
68726	Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0245)	Nessus	Oracle Linux Local Security Checks	critical
66375	IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities	Nessus	Web Servers	critical
66374	IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities	Nessus	Web Servers	critical
66107	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)	Nessus	Mandriva Local Security Checks	critical
65599	SuSE 10 Security Update : Java (ZYPP Patch Number 8483)	Nessus	SuSE Local Security Checks	critical
65597	SuSE 11.2 Security Update : Java (SAT Patch Number 7481)	Nessus	SuSE Local Security Checks	critical
65570	SuSE 10 Security Update : Java (ZYPP Patch Number 8495)	Nessus	SuSE Local Security Checks	critical
65546	SuSE 10 Security Update : Java (ZYPP Patch Number 8481)	Nessus	SuSE Local Security Checks	critical
65545	SuSE 11.2 Security Update : Java (SAT Patch Number 7450)	Nessus	SuSE Local Security Checks	critical
65246	SuSE 11.2 Security Update : Java (SAT Patch Number 7454)	Nessus	SuSE Local Security Checks	critical
65204	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0626)	Nessus	Red Hat Local Security Checks	critical
65203	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0625)	Nessus	Red Hat Local Security Checks	critical
65202	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0624)	Nessus	Red Hat Local Security Checks	critical
64850	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU) (Unix)	Nessus	Misc.	critical
64780	SuSE 11.2 Security Update : Java 1.6.0 (SAT Patch Number 7332)	Nessus	SuSE Local Security Checks	critical
64700	Mac OS X : Java for OS X 2013-001	Nessus	MacOS X Local Security Checks	critical
64639	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1724-1)	Nessus	Ubuntu Local Security Checks	critical
64605	Scientific Linux Security Update : jdk-1.6.0 on SL 5.0 - 5.8 (i386 x86_64)	Nessus	Scientific Linux Local Security Checks	critical
64563	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:010)	Nessus	Mandriva Local Security Checks	critical
64537	CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0247)	Nessus	CentOS Local Security Checks	critical
64536	CentOS 6 : java-1.6.0-openjdk (CESA-2013:0245)	Nessus	CentOS Local Security Checks	critical
64523	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
64522	Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
64521	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
64520	RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0247)	Nessus	Red Hat Local Security Checks	critical
64519	RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0246)	Nessus	Red Hat Local Security Checks	critical
64518	RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0245)	Nessus	Red Hat Local Security Checks	critical
64512	CentOS 5 : java-1.6.0-openjdk (CESA-2013:0246)	Nessus	CentOS Local Security Checks	critical
64472	Mac OS X : Java for Mac OS X 10.6 Update 12	Nessus	MacOS X Local Security Checks	critical
64468	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0237)	Nessus	Red Hat Local Security Checks	critical
64467	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0236)	Nessus	Red Hat Local Security Checks	critical
64454	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)	Nessus	Windows	critical
6685	Oracle Java SE 7 <= Update 11 Multiple Vulnerabilities (February 2013 CPU)	Nessus Network Monitor	Web Clients	critical

CVE-2013-0443

Description

References

Details

Risk Information

CVSS v2.0