CVE-2013-2424

MEDIUM

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.

ID	Name	Product	Family	Severity
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
74999	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)	Nessus	SuSE Local Security Checks	critical
74991	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)	Nessus	SuSE Local Security Checks	critical
74990	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0745-1)	Nessus	SuSE Local Security Checks	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	critical
69744	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-185)	Nessus	Amazon Linux Local Security Checks	critical
69742	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-183)	Nessus	Amazon Linux Local Security Checks	critical
68815	Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-0770)	Nessus	Oracle Linux Local Security Checks	critical
68812	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0752)	Nessus	Oracle Linux Local Security Checks	critical
68811	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-0751)	Nessus	Oracle Linux Local Security Checks	critical
66857	SuSE 10 Security Update : Java 1.5.0 (ZYPP Patch Number 8593)	Nessus	SuSE Local Security Checks	critical
66855	SuSE 11.2 / 11.3 Security Update : IBM Java 1.7.0 / IBM Java (SAT Patch Numbers 7794 / 7921)	Nessus	SuSE Local Security Checks	critical
66618	SuSE 10 Security Update : IBM Java (ZYPP Patch Number 8582)	Nessus	SuSE Local Security Checks	critical
66616	SuSE 11.2 / 11.3 Security Update : IBM Java (SAT Patch Numbers 7744 / 7920)	Nessus	SuSE Local Security Checks	critical
66550	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0855)	Nessus	Red Hat Local Security Checks	critical
66538	SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 7718)	Nessus	SuSE Local Security Checks	critical
66440	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0823)	Nessus	Red Hat Local Security Checks	critical
66439	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0822)	Nessus	Red Hat Local Security Checks	critical
66348	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : openjdk-6 vulnerabilities (USN-1819-1)	Nessus	Ubuntu Local Security Checks	critical
66330	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:161)	Nessus	Mandriva Local Security Checks	critical
66228	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130424)	Nessus	Scientific Linux Local Security Checks	critical
66212	RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:0770)	Nessus	Red Hat Local Security Checks	critical
66205	CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:0770)	Nessus	CentOS Local Security Checks	critical
66200	Ubuntu 12.10 : openjdk-7 vulnerabilities (USN-1806-1)	Nessus	Ubuntu Local Security Checks	critical
66030	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0758)	Nessus	Red Hat Local Security Checks	critical
66029	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0757)	Nessus	Red Hat Local Security Checks	critical
66027	CentOS 6 : java-1.7.0-openjdk (CESA-2013:0751)	Nessus	CentOS Local Security Checks	critical
66019	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20130417)	Nessus	Scientific Linux Local Security Checks	critical
66018	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20130417)	Nessus	Scientific Linux Local Security Checks	critical
66014	RHEL 5 : java-1.7.0-openjdk (RHSA-2013:0752)	Nessus	Red Hat Local Security Checks	critical
66013	RHEL 6 : java-1.7.0-openjdk (RHSA-2013:0751)	Nessus	Red Hat Local Security Checks	critical
66002	CentOS 5 : java-1.7.0-openjdk (CESA-2013:0752)	Nessus	CentOS Local Security Checks	critical
6761	Oracle Java JDK / JRE / SE Multiple Vulnerabilities (April 2013 CPU)	Nessus Network Monitor	Web Clients	critical
65999	Mac OS X : Java for OS X 2013-003	Nessus	MacOS X Local Security Checks	critical
65998	Mac OS X : Java for Mac OS X 10.6 Update 15	Nessus	MacOS X Local Security Checks	critical
65996	Oracle Java SE Multiple Vulnerabilities (April 2013 CPU) (Unix)	Nessus	Misc.	critical
65995	Oracle Java SE Multiple Vulnerabilities (April 2013 CPU)	Nessus	Windows	critical

CVE-2013-2424

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical