CVE-2013-1475 — Oracle JDK vulnerability

8 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.0%

top 22.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE SUN JDK +1 more

Timeline

PublishedFeb 2

Latest updateMay 14

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectSt…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶NVDoracle/jdk1.4.2_40+4

▶NVDoracle/jre1.4.2_40+4

▶NVDsun/jdk37 versions+36

▶NVDsun/jre40 versions+39

🔴Vulnerability Details

GHSA

GHSA-6r72-525q-8rvj: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5↗2022-05-14

▶

CVEList

CVE-2013-1475: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5↗2013-02-02

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2013-02-14

▶

Red Hat

OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)↗2013-02-01

▶

Red Hat

OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)↗2013-02-01

▶

Red Hat

OpenJDK: missing serialization restriction (CORBA, 7201066)↗2013-02-01

▶

💬Community

Bugzilla

CVE-2013-1475 OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)↗2012-09-26

▶