CVE-2013-0432 — Oracle JDK vulnerability

7 documents7 sources

Severity

6.4MEDIUMNVD

EPSS

0.8%

top 25.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE SUN JDK +1 more

Timeline

PublishedFeb 2

Latest updateMay 5

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶NVDoracle/jdk1.4.2_40+4

▶NVDoracle/jre1.4.2_40+4

▶NVDsun/jdk37 versions+36

▶NVDsun/jre40 versions+39

🔴Vulnerability Details

GHSA

GHSA-qrmf-26m7-r8fr: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5↗2022-05-05

▶

CVEList

CVE-2013-0432: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5↗2013-02-02

▶

💥Exploits & PoCs

Exploit-DB

Novell NCP - Remote Command Execution↗2013-01-18

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2013-02-14

▶

Red Hat

OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)↗2013-02-01

▶

💬Community

Bugzilla

CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)↗2013-02-03

▶