CVE-2013-5870

MEDIUM

Description

Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

References

http://marc.info/?l=bugtraq&m=139402697611681&w=2

http://osvdb.org/101994

http://rhn.redhat.com/errata/RHSA-2014-0030.html

http://secunia.com/advisories/56484

http://secunia.com/advisories/56485

http://secunia.com/advisories/56535

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://www.securityfocus.com/bid/64758

http://www.securityfocus.com/bid/64929

http://www.securitytracker.com/id/1029608

https://exchange.xforce.ibmcloud.com/vulnerabilities/90337

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777

Details

Source: MITRE

Published: 2014-01-15

Updated: 2017-08-29

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node_supplementary:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_supplementary_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.5.z:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*

Configuration 2

AND

cpe:2.3:a:hp:jdk:*:*:*:*:*:*:*:*

cpe:2.3:a:hp:jre:*:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*

ID	Name	Product	Family	Severity
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71987	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0030)	Nessus	Red Hat Local Security Checks	critical
71967	Oracle Java SE Multiple Vulnerabilities (January 2014 CPU) (Unix)	Nessus	Misc.	critical
71966	Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)	Nessus	Windows	critical