CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
98.8%
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7
Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and
earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers
to affect integrity via unknown vectors related to Javadoc. NOTE: the
previous information is from the June 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to frame injection in
HTML that is generated by Javadoc.
Author | Note |
---|---|
mdeslaur | in lucid+, NetX and the plugin moved to the icedtea-web package |
jdstrand | sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked as of 2013-06-19, upstream IcedTea updates are not available updates break the icedtea-web plugin and it will need this fix: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023745.html |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | openjdk-6 | < 6b27-1.12.6-1ubuntu0.10.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-6 | < 6b27-1.12.6-1ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-6 | < 6b27-1.12.6-1ubuntu0.12.10.2 | UNKNOWN |
ubuntu | 13.04 | noarch | openjdk-6 | < 6b27-1.12.6-1ubuntu0.13.04.2 | UNKNOWN |
ubuntu | 12.04 | noarch | openjdk-7 | < 7u25-2.3.10-1ubuntu0.12.04.2 | UNKNOWN |
ubuntu | 12.10 | noarch | openjdk-7 | < 7u25-2.3.10-1ubuntu0.12.10.2 | UNKNOWN |
ubuntu | 13.04 | noarch | openjdk-7 | < 7u25-2.3.10-1ubuntu0.13.04.2 | UNKNOWN |
blog.fuseyism.com/index.php/2013/06/19/imminent-icedtea-web-breakage/
www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
launchpad.net/bugs/cve/CVE-2013-1571
nvd.nist.gov/vuln/detail/CVE-2013-1571
security-tracker.debian.org/tracker/CVE-2013-1571
ubuntu.com/security/notices/USN-1907-1
ubuntu.com/security/notices/USN-1908-1
www.cve.org/CVERecord?id=CVE-2013-1571