CVE-2013-0434

Oracle Java SE <7 Update 11,6 Update 38,5.0 Update 38,1.4.2_40 - In...

Title source: llm
STIX 2.1

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.

References (27)

Core 27
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0236.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0237.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0247.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0246.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1456.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0245.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136570436423916&w=2
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19430
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/858729
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16528
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19505
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136733161405818&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57730
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19272
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Scores

EPSS 0.0029
EPSS Percentile 52.3%

Details

Status published
Products (7)
oracle/jdk 1.7.0 (11 CPE variants)
oracle/jdk 1.6.0 update22 (15 CPE variants)
oracle/jdk 1.5.0 update36 (2 CPE variants)
oracle/jdk 1.4.2_38
oracle/jdk < 1.4.2_40
oracle/jre 1.7.0 (11 CPE variants)
oracle/jre 1.6.0 update22 (9 CPE variants)
Published Feb 02, 2013
Tracked Since Feb 18, 2026