CVE-2013-0444
First published: Sat Feb 02 2013(Updated: )
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Java Runtime Environment (JRE) | =1.7.0 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update1 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update10 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update11 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update2 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update3 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update4 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update5 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update6 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update7 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update9 | |
| Oracle JDK 6 | =1.7.0 | |
| Oracle JDK 6 | =1.7.0-update1 | |
| Oracle JDK 6 | =1.7.0-update10 | |
| Oracle JDK 6 | =1.7.0-update11 | |
| Oracle JDK 6 | =1.7.0-update2 | |
| Oracle JDK 6 | =1.7.0-update3 | |
| Oracle JDK 6 | =1.7.0-update4 | |
| Oracle JDK 6 | =1.7.0-update5 | |
| Oracle JDK 6 | =1.7.0-update6 | |
| Oracle JDK 6 | =1.7.0-update7 | |
| Oracle JDK 6 | =1.7.0-update9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218
- http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
- http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0237.html
- http://rhn.redhat.com/errata/RHSA-2013-0247.html
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www.kb.cert.org/vuls/id/858729
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
- http://www.us-cert.gov/cas/techalerts/TA13-032A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16614
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19349
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
Frequently Asked Questions
What is the severity of CVE-2013-0444?
CVE-2013-0444 has not been assigned a specific severity rating but it can potentially affect confidentiality, integrity, and availability.
How do I fix CVE-2013-0444?
To fix CVE-2013-0444, you should update Oracle Java SE to the latest version available.
What versions are affected by CVE-2013-0444?
CVE-2013-0444 affects Oracle Java SE 7 through Update 11 and OpenJDK 7.
Was CVE-2013-0444 publicly disclosed?
Yes, CVE-2013-0444 was publicly disclosed and is related to issues in the Java Runtime Environment.
What types of attacks can CVE-2013-0444 enable?
CVE-2013-0444 can potentially allow remote attackers to exploit the vulnerability through unknown vectors.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0
- version/oracle java runtime environment (jre)/1.7.0-update1
- version/oracle java runtime environment (jre)/1.7.0-update10
- version/oracle java runtime environment (jre)/1.7.0-update11
- version/oracle java runtime environment (jre)/1.7.0-update2
- version/oracle java runtime environment (jre)/1.7.0-update3
- version/oracle java runtime environment (jre)/1.7.0-update4
- version/oracle java runtime environment (jre)/1.7.0-update5
- version/oracle java runtime environment (jre)/1.7.0-update6
- version/oracle java runtime environment (jre)/1.7.0-update7
- version/oracle java runtime environment (jre)/1.7.0-update9
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0
- version/oracle jdk 6/1.7.0-update1
- version/oracle jdk 6/1.7.0-update10
- version/oracle jdk 6/1.7.0-update11
- version/oracle jdk 6/1.7.0-update2
- version/oracle jdk 6/1.7.0-update3
- version/oracle jdk 6/1.7.0-update4
- version/oracle jdk 6/1.7.0-update5
- version/oracle jdk 6/1.7.0-update6
- version/oracle jdk 6/1.7.0-update7
- version/oracle jdk 6/1.7.0-update9