9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8 High
AI Score
Confidence
High
0.925 High
EPSS
Percentile
99.0%
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox.
CPE | Name | Operator | Version |
---|---|---|---|
oracle:jre | oracle jre | le | 1.7.0 |
blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/98ad2f1e25d1
lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
rhn.redhat.com/errata/RHSA-2013-0752.html
rhn.redhat.com/errata/RHSA-2013-0757.html
security.gentoo.org/glsa/glsa-201406-32.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:145
www.mandriva.com/security/advisories?name=MDVSA-2013:161
www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
www.ubuntu.com/usn/USN-1806-1
www.us-cert.gov/ncas/alerts/TA13-107A
bugzilla.redhat.com/show_bug.cgi?id=952653
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16683
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130