CVE-2013-0425 — Oracle JDK vulnerability

9 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.5%

top 18.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE SUN JDK +1 more

Timeline

PublishedFeb 2

Latest updateMay 5

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another v…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDoracle/jdk1.4.2_40+4

▶NVDoracle/jre1.4.2_40+4

▶NVDsun/jdk37 versions+36

▶NVDsun/jre40 versions+39

🔴Vulnerability Details

GHSA

GHSA-58g3-37cc-r74w: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5↗2022-05-05

▶

CVEList

CVE-2013-0425: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5↗2013-02-02

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2013-02-14

▶

Red Hat

OpenJDK: logging insufficient access control checks (Libraries, 6664509)↗2013-02-01

▶

Red Hat

OpenJDK: logging insufficient access control checks (Libraries, 6664528)↗2013-02-01

▶

Red Hat

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)↗2013-02-01

▶

💬Community

Bugzilla

CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)↗2013-02-04

▶