CVE-2013-0435 — Oracle JDK vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE SUN JDK +1 more

Timeline

PublishedFeb 2

Latest updateMay 5

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDoracle/jdk1.6.0, 1.7.0+1

▶NVDoracle/jre1.6.0, 1.7.0+1

▶NVDsun/jdk1.6.0

▶NVDsun/jre1.6.0

🔴Vulnerability Details

GHSA

GHSA-hv74-3r93-2vw8: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6↗2022-05-05

▶

CVEList

CVE-2013-0435: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6↗2013-02-02

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2013-02-14

▶

Red Hat

OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)↗2013-02-01

▶

💬Community

Bugzilla

CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)↗2013-02-01

▶