You are here

CVE-2013-0433

Vincent (CVE) Danen's picture
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.

Details Source

Mitre

Public Date

2013-02-01 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)

Bugzilla ID

907 456

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:P/A:N

External References

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) RHSA-2013:0626 2013-03-11
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) RHSA-2013:0236 2013-02-04
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-oracle) RHSA-2013:0237 2013-02-04
Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm) RHSA-2013:1456 2013-10-23
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle) RHSA-2013:0237 2013-02-04
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-sun) RHSA-2013:0236 2013-02-04
Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) RHSA-2013:1455 2013-10-23
Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) RHSA-2013:1455 2013-10-23
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) RHSA-2013:0624 2013-03-11
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2013:0625 2013-03-11
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) RHSA-2013:0247 2013-02-08
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) RHSA-2013:0247 2013-02-08
Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm) RHSA-2013:1456 2013-10-23
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) RHSA-2013:0245 2013-02-08
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2013:0626 2013-03-11
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2013:0625 2013-03-11
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) RHSA-2013:0624 2013-03-11
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) RHSA-2013:0246 2013-02-08

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 java-1.4.2-ibm Will not fix