CVE-2013-0441

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."

Details Source

Mitre

Public Date

2013-02-01 00:00:00

Impact

Critical

Bugzilla

CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)

Bugzilla ID

907458

CVSS Status

verified

Base Score

6.80

Base Metrics

AV:N/AC:M/Au:N/C:P/I:P/A:P

External References

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2013:0626 | 2013-03-11 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-sun) | RHSA-2013:0236 | 2013-02-04 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-oracle) | RHSA-2013:0237 | 2013-02-04 |
| Red Hat Satellite 5.5 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1456 | 2013-10-23 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-oracle) | RHSA-2013:0237 | 2013-02-04 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-sun) | RHSA-2013:0236 | 2013-02-04 |
| Red Hat Satellite 5.4 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Satellite 5.4 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2013:1455 | 2013-10-23 |
| Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2013:0625 | 2013-03-11 |
| Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2013:0247 | 2013-02-08 |
| Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2013:0247 | 2013-02-08 |
| Red Hat Satellite 5.5 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2013:1456 | 2013-10-23 |
| Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2013:0245 | 2013-02-08 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2013:0626 | 2013-03-11 |
| Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2013:0625 | 2013-03-11 |
| Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2013:0246 | 2013-02-08 |

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 | java-1.5.0-ibm | Not affected |
| Red Hat Enterprise Linux 5 | java-1.4.2-ibm | Will not fix |
| Red Hat Enterprise Linux 5 | java-1.5.0-ibm | Not affected |