CVE-2013-0445
First published: Fri Feb 01 2013(Updated: )
It was discovered that AWT component in the OpenJDK did not properly check privileges of the code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. External Reference: <a href="http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html">http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html</a>
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/icedtea6 | <1.11.6 | 1.11.6 |
| redhat/icedtea6 | <1.12.1 | 1.12.1 |
| redhat/icedtea7 | <2.1.5 | 2.1.5 |
| redhat/icedtea7 | <2.2.5 | 2.2.5 |
| redhat/icedtea7 | <2.3.6 | 2.3.6 |
| Oracle Java Runtime Environment (JRE) | =1.7.0 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update1 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update10 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update11 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update2 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update3 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update4 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update5 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update6 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update7 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update9 | |
| Oracle JDK 6 | =1.7.0 | |
| Oracle JDK 6 | =1.7.0-update1 | |
| Oracle JDK 6 | =1.7.0-update10 | |
| Oracle JDK 6 | =1.7.0-update11 | |
| Oracle JDK 6 | =1.7.0-update2 | |
| Oracle JDK 6 | =1.7.0-update3 | |
| Oracle JDK 6 | =1.7.0-update4 | |
| Oracle JDK 6 | =1.7.0-update5 | |
| Oracle JDK 6 | =1.7.0-update6 | |
| Oracle JDK 6 | =1.7.0-update7 | |
| Oracle JDK 6 | =1.7.0-update9 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update22 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update23 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update24 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update25 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update26 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update27 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update29 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update30 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update31 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update32 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update33 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update34 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update35 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update37 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update38 | |
| Sun JRE | =1.6.0 | |
| Sun JRE | =1.6.0-update_1 | |
| Sun JRE | =1.6.0-update_10 | |
| Sun JRE | =1.6.0-update_11 | |
| Sun JRE | =1.6.0-update_12 | |
| Sun JRE | =1.6.0-update_13 | |
| Sun JRE | =1.6.0-update_14 | |
| Sun JRE | =1.6.0-update_15 | |
| Sun JRE | =1.6.0-update_16 | |
| Sun JRE | =1.6.0-update_17 | |
| Sun JRE | =1.6.0-update_18 | |
| Sun JRE | =1.6.0-update_19 | |
| Sun JRE | =1.6.0-update_2 | |
| Sun JRE | =1.6.0-update_20 | |
| Sun JRE | =1.6.0-update_21 | |
| Sun JRE | =1.6.0-update_3 | |
| Sun JRE | =1.6.0-update_4 | |
| Sun JRE | =1.6.0-update_5 | |
| Sun JRE | =1.6.0-update_6 | |
| Sun JRE | =1.6.0-update_7 | |
| Sun JRE | =1.6.0-update_9 | |
| Oracle JDK 6 | =1.6.0-update22 | |
| Oracle JDK 6 | =1.6.0-update23 | |
| Oracle JDK 6 | =1.6.0-update24 | |
| Oracle JDK 6 | =1.6.0-update25 | |
| Oracle JDK 6 | =1.6.0-update26 | |
| Oracle JDK 6 | =1.6.0-update27 | |
| Oracle JDK 6 | =1.6.0-update29 | |
| Oracle JDK 6 | =1.6.0-update30 | |
| Oracle JDK 6 | =1.6.0-update31 | |
| Oracle JDK 6 | =1.6.0-update32 | |
| Oracle JDK 6 | =1.6.0-update33 | |
| Oracle JDK 6 | =1.6.0-update34 | |
| Oracle JDK 6 | =1.6.0-update35 | |
| Oracle JDK 6 | =1.6.0-update37 | |
| Oracle JDK 6 | =1.6.0-update38 | |
| Sun JDK | =1.6.0 | |
| Sun JDK | =1.6.0-update_10 | |
| Sun JDK | =1.6.0-update_11 | |
| Sun JDK | =1.6.0-update_12 | |
| Sun JDK | =1.6.0-update_13 | |
| Sun JDK | =1.6.0-update_14 | |
| Sun JDK | =1.6.0-update_15 | |
| Sun JDK | =1.6.0-update_16 | |
| Sun JDK | =1.6.0-update_17 | |
| Sun JDK | =1.6.0-update_18 | |
| Sun JDK | =1.6.0-update_19 | |
| Sun JDK | =1.6.0-update_20 | |
| Sun JDK | =1.6.0-update_21 | |
| Sun JDK | =1.6.0-update_3 | |
| Sun JDK | =1.6.0-update_4 | |
| Sun JDK | =1.6.0-update_5 | |
| Sun JDK | =1.6.0-update_6 | |
| Sun JDK | =1.6.0-update_7 | |
| Sun JDK | =1.6.0-update1 | |
| Sun JDK | =1.6.0-update1_b06 | |
| Sun JDK | =1.6.0-update2 | |
| Oracle Java Runtime Environment (JRE) | =1.5.0-update36 | |
| Oracle Java Runtime Environment (JRE) | =1.5.0-update38 | |
| Sun JRE | =1.5.0 | |
| Sun JRE | =1.5.0-update1 | |
| Sun JRE | =1.5.0-update10 | |
| Sun JRE | =1.5.0-update11 | |
| Sun JRE | =1.5.0-update12 | |
| Sun JRE | =1.5.0-update13 | |
| Sun JRE | =1.5.0-update14 | |
| Sun JRE | =1.5.0-update15 | |
| Sun JRE | =1.5.0-update16 | |
| Sun JRE | =1.5.0-update17 | |
| Sun JRE | =1.5.0-update18 | |
| Sun JRE | =1.5.0-update19 | |
| Sun JRE | =1.5.0-update2 | |
| Sun JRE | =1.5.0-update20 | |
| Sun JRE | =1.5.0-update21 | |
| Sun JRE | =1.5.0-update22 | |
| Sun JRE | =1.5.0-update23 | |
| Sun JRE | =1.5.0-update24 | |
| Sun JRE | =1.5.0-update25 | |
| Sun JRE | =1.5.0-update26 | |
| Sun JRE | =1.5.0-update27 | |
| Sun JRE | =1.5.0-update28 | |
| Sun JRE | =1.5.0-update29 | |
| Sun JRE | =1.5.0-update3 | |
| Sun JRE | =1.5.0-update31 | |
| Sun JRE | =1.5.0-update33 | |
| Sun JRE | =1.5.0-update4 | |
| Sun JRE | =1.5.0-update5 | |
| Sun JRE | =1.5.0-update6 | |
| Sun JRE | =1.5.0-update7 | |
| Sun JRE | =1.5.0-update8 | |
| Sun JRE | =1.5.0-update9 | |
| Oracle JDK 6 | =1.5.0-update36 | |
| Oracle JDK 6 | =1.5.0-update38 | |
| Sun JDK | =1.5.0 | |
| Sun JDK | =1.5.0-update1 | |
| Sun JDK | =1.5.0-update10 | |
| Sun JDK | =1.5.0-update11 | |
| Sun JDK | =1.5.0-update11_b03 | |
| Sun JDK | =1.5.0-update12 | |
| Sun JDK | =1.5.0-update13 | |
| Sun JDK | =1.5.0-update14 | |
| Sun JDK | =1.5.0-update15 | |
| Sun JDK | =1.5.0-update16 | |
| Sun JDK | =1.5.0-update17 | |
| Sun JDK | =1.5.0-update18 | |
| Sun JDK | =1.5.0-update19 | |
| Sun JDK | =1.5.0-update2 | |
| Sun JDK | =1.5.0-update20 | |
| Sun JDK | =1.5.0-update21 | |
| Sun JDK | =1.5.0-update22 | |
| Sun JDK | =1.5.0-update23 | |
| Sun JDK | =1.5.0-update24 | |
| Sun JDK | =1.5.0-update25 | |
| Sun JDK | =1.5.0-update26 | |
| Sun JDK | =1.5.0-update27 | |
| Sun JDK | =1.5.0-update28 | |
| Sun JDK | =1.5.0-update29 | |
| Sun JDK | =1.5.0-update3 | |
| Sun JDK | =1.5.0-update31 | |
| Sun JDK | =1.5.0-update33 | |
| Sun JDK | =1.5.0-update4 | |
| Sun JDK | =1.5.0-update5 | |
| Sun JDK | =1.5.0-update6 | |
| Sun JDK | =1.5.0-update7 | |
| Sun JDK | =1.5.0-update7_b03 | |
| Sun JDK | =1.5.0-update8 | |
| Sun JDK | =1.5.0-update9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
- http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
- https://access.redhat.com/security/cve/CVE-2013-0445
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=906900
- https://access.redhat.com/security/cve/CVE-2013-0442
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=906899
- https://rhn.redhat.com/errata/RHSA-2013-0237.html
- https://rhn.redhat.com/errata/RHSA-2013-0236.html
- https://rhn.redhat.com/errata/RHSA-2013-0246.html
- https://rhn.redhat.com/errata/RHSA-2013-0247.html
- https://rhn.redhat.com/errata/RHSA-2013-0245.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021708.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021728.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021905.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-February/021876.html
- https://rhn.redhat.com/errata/RHSA-2013-0624.html
- https://rhn.redhat.com/errata/RHSA-2013-0626.html
- https://rhn.redhat.com/errata/RHSA-2013-0625.html
- https://rhn.redhat.com/errata/RHSA-2013-1456.html
- https://rhn.redhat.com/errata/RHSA-2013-1455.html
- https://bugzilla.redhat.com/show_bug.cgi?id=906900
- http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136570436423916&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0236.html
- http://rhn.redhat.com/errata/RHSA-2013-0237.html
- http://rhn.redhat.com/errata/RHSA-2013-0245.html
- http://rhn.redhat.com/errata/RHSA-2013-0246.html
- http://rhn.redhat.com/errata/RHSA-2013-0247.html
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://www.kb.cert.org/vuls/id/858729
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
- http://www.securityfocus.com/bid/57689
- http://www.us-cert.gov/cas/techalerts/TA13-032A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16680
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19282
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19304
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19372
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
Frequently Asked Questions
What is the severity of CVE-2013-0445?
The CVE-2013-0445 vulnerability is considered high severity as it allows untrusted Java applications to bypass Java sandbox restrictions.
How do I fix CVE-2013-0445?
To fix CVE-2013-0445, update to the latest versions of affected packages like IcedTea6 or IcedTea7, specifically versions 1.11.6, 1.12.1, 2.1.5, 2.2.5, or 2.3.6.
Which systems are affected by CVE-2013-0445?
CVE-2013-0445 affects multiple versions of Oracle JDK and JRE, as well as the IcedTea packages on certain Linux distributions.
Is CVE-2013-0445 still a concern in 2023?
While CVE-2013-0445 is several years old, systems still using the vulnerable software versions remain at risk and should be updated promptly.
What types of exploits can be performed due to CVE-2013-0445?
Exploiting CVE-2013-0445 can lead to unauthorized access and execution of arbitrary code within the Java application environment.
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-0445
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/oracle
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.7.0
- version/oracle java runtime environment (jre)/1.7.0-update1
- version/oracle java runtime environment (jre)/1.7.0-update10
- version/oracle java runtime environment (jre)/1.7.0-update11
- version/oracle java runtime environment (jre)/1.7.0-update2
- version/oracle java runtime environment (jre)/1.7.0-update3
- version/oracle java runtime environment (jre)/1.7.0-update4
- version/oracle java runtime environment (jre)/1.7.0-update5
- version/oracle java runtime environment (jre)/1.7.0-update6
- version/oracle java runtime environment (jre)/1.7.0-update7
- version/oracle java runtime environment (jre)/1.7.0-update9
- canonical/oracle jdk 6
- version/oracle jdk 6/1.7.0
- version/oracle jdk 6/1.7.0-update1
- version/oracle jdk 6/1.7.0-update10
- version/oracle jdk 6/1.7.0-update11
- version/oracle jdk 6/1.7.0-update2
- version/oracle jdk 6/1.7.0-update3
- version/oracle jdk 6/1.7.0-update4
- version/oracle jdk 6/1.7.0-update5
- version/oracle jdk 6/1.7.0-update6
- version/oracle jdk 6/1.7.0-update7
- version/oracle jdk 6/1.7.0-update9
- version/oracle java runtime environment (jre)/1.6.0-update22
- version/oracle java runtime environment (jre)/1.6.0-update23
- version/oracle java runtime environment (jre)/1.6.0-update24
- version/oracle java runtime environment (jre)/1.6.0-update25
- version/oracle java runtime environment (jre)/1.6.0-update26
- version/oracle java runtime environment (jre)/1.6.0-update27
- version/oracle java runtime environment (jre)/1.6.0-update29
- version/oracle java runtime environment (jre)/1.6.0-update30
- version/oracle java runtime environment (jre)/1.6.0-update31
- version/oracle java runtime environment (jre)/1.6.0-update32
- version/oracle java runtime environment (jre)/1.6.0-update33
- version/oracle java runtime environment (jre)/1.6.0-update34
- version/oracle java runtime environment (jre)/1.6.0-update35
- version/oracle java runtime environment (jre)/1.6.0-update37
- version/oracle java runtime environment (jre)/1.6.0-update38
- vendor/sun
- canonical/sun jre
- version/sun jre/1.6.0
- version/sun jre/1.6.0-update_1
- version/sun jre/1.6.0-update_10
- version/sun jre/1.6.0-update_11
- version/sun jre/1.6.0-update_12
- version/sun jre/1.6.0-update_13
- version/sun jre/1.6.0-update_14
- version/sun jre/1.6.0-update_15
- version/sun jre/1.6.0-update_16
- version/sun jre/1.6.0-update_17
- version/sun jre/1.6.0-update_18
- version/sun jre/1.6.0-update_19
- version/sun jre/1.6.0-update_2
- version/sun jre/1.6.0-update_20
- version/sun jre/1.6.0-update_21
- version/sun jre/1.6.0-update_3
- version/sun jre/1.6.0-update_4
- version/sun jre/1.6.0-update_5
- version/sun jre/1.6.0-update_6
- version/sun jre/1.6.0-update_7
- version/sun jre/1.6.0-update_9
- version/oracle jdk 6/1.6.0-update22
- version/oracle jdk 6/1.6.0-update23
- version/oracle jdk 6/1.6.0-update24
- version/oracle jdk 6/1.6.0-update25
- version/oracle jdk 6/1.6.0-update26
- version/oracle jdk 6/1.6.0-update27
- version/oracle jdk 6/1.6.0-update29
- version/oracle jdk 6/1.6.0-update30
- version/oracle jdk 6/1.6.0-update31
- version/oracle jdk 6/1.6.0-update32
- version/oracle jdk 6/1.6.0-update33
- version/oracle jdk 6/1.6.0-update34
- version/oracle jdk 6/1.6.0-update35
- version/oracle jdk 6/1.6.0-update37
- version/oracle jdk 6/1.6.0-update38
- canonical/sun jdk
- version/sun jdk/1.6.0
- version/sun jdk/1.6.0-update_10
- version/sun jdk/1.6.0-update_11
- version/sun jdk/1.6.0-update_12
- version/sun jdk/1.6.0-update_13
- version/sun jdk/1.6.0-update_14
- version/sun jdk/1.6.0-update_15
- version/sun jdk/1.6.0-update_16
- version/sun jdk/1.6.0-update_17
- version/sun jdk/1.6.0-update_18
- version/sun jdk/1.6.0-update_19
- version/sun jdk/1.6.0-update_20
- version/sun jdk/1.6.0-update_21
- version/sun jdk/1.6.0-update_3
- version/sun jdk/1.6.0-update_4
- version/sun jdk/1.6.0-update_5
- version/sun jdk/1.6.0-update_6
- version/sun jdk/1.6.0-update_7
- version/sun jdk/1.6.0-update1
- version/sun jdk/1.6.0-update1_b06
- version/sun jdk/1.6.0-update2
- version/oracle java runtime environment (jre)/1.5.0-update36
- version/oracle java runtime environment (jre)/1.5.0-update38
- version/sun jre/1.5.0
- version/sun jre/1.5.0-update1
- version/sun jre/1.5.0-update10
- version/sun jre/1.5.0-update11
- version/sun jre/1.5.0-update12
- version/sun jre/1.5.0-update13
- version/sun jre/1.5.0-update14
- version/sun jre/1.5.0-update15
- version/sun jre/1.5.0-update16
- version/sun jre/1.5.0-update17
- version/sun jre/1.5.0-update18
- version/sun jre/1.5.0-update19
- version/sun jre/1.5.0-update2
- version/sun jre/1.5.0-update20
- version/sun jre/1.5.0-update21
- version/sun jre/1.5.0-update22
- version/sun jre/1.5.0-update23
- version/sun jre/1.5.0-update24
- version/sun jre/1.5.0-update25
- version/sun jre/1.5.0-update26
- version/sun jre/1.5.0-update27
- version/sun jre/1.5.0-update28
- version/sun jre/1.5.0-update29
- version/sun jre/1.5.0-update3
- version/sun jre/1.5.0-update31
- version/sun jre/1.5.0-update33
- version/sun jre/1.5.0-update4
- version/sun jre/1.5.0-update5
- version/sun jre/1.5.0-update6
- version/sun jre/1.5.0-update7
- version/sun jre/1.5.0-update8
- version/sun jre/1.5.0-update9
- version/oracle jdk 6/1.5.0-update36
- version/oracle jdk 6/1.5.0-update38
- version/sun jdk/1.5.0
- version/sun jdk/1.5.0-update1
- version/sun jdk/1.5.0-update10
- version/sun jdk/1.5.0-update11
- version/sun jdk/1.5.0-update11_b03
- version/sun jdk/1.5.0-update12
- version/sun jdk/1.5.0-update13
- version/sun jdk/1.5.0-update14
- version/sun jdk/1.5.0-update15
- version/sun jdk/1.5.0-update16
- version/sun jdk/1.5.0-update17
- version/sun jdk/1.5.0-update18
- version/sun jdk/1.5.0-update19
- version/sun jdk/1.5.0-update2
- version/sun jdk/1.5.0-update20
- version/sun jdk/1.5.0-update21
- version/sun jdk/1.5.0-update22
- version/sun jdk/1.5.0-update23
- version/sun jdk/1.5.0-update24
- version/sun jdk/1.5.0-update25
- version/sun jdk/1.5.0-update26
- version/sun jdk/1.5.0-update27
- version/sun jdk/1.5.0-update28
- version/sun jdk/1.5.0-update29
- version/sun jdk/1.5.0-update3
- version/sun jdk/1.5.0-update31
- version/sun jdk/1.5.0-update33
- version/sun jdk/1.5.0-update4
- version/sun jdk/1.5.0-update5
- version/sun jdk/1.5.0-update6
- version/sun jdk/1.5.0-update7
- version/sun jdk/1.5.0-update7_b03
- version/sun jdk/1.5.0-update8
- version/sun jdk/1.5.0-update9