Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2013-0401
Description:The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.
Test IDs: 1.3.6.1.4.1.25623.1.1.4.2013.0871.1   1.3.6.1.4.1.25623.1.1.4.2013.0871.2   1.3.6.1.4.1.25623.1.1.4.2013.0835.2   1.3.6.1.4.1.25623.1.1.4.2013.0835.3   1.3.6.1.4.1.25623.1.1.4.2013.0835.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-0401
Cert/CC Advisory: TA13-107A
http://www.us-cert.gov/ncas/alerts/TA13-107A
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBUX02889
http://marc.info/?l=bugtraq&m=137283787217316&w=2
HPdes Security Advisory: HPSBUX02922
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
HPdes Security Advisory: SSRT101252
http://marc.info/?l=bugtraq&m=137283787217316&w=2
HPdes Security Advisory: SSRT101305
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://www.mandriva.com/security/advisories?name=MDVSA-2013:145
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/31c782610044
http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/
https://bugzilla.redhat.com/show_bug.cgi?id=920245
https://twitter.com/thezdi/status/309784608508100608
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19463
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19641
RedHat Security Advisories: RHSA-2013:0752
http://rhn.redhat.com/errata/RHSA-2013-0752.html
RedHat Security Advisories: RHSA-2013:0757
http://rhn.redhat.com/errata/RHSA-2013-0757.html
RedHat Security Advisories: RHSA-2013:0758
http://rhn.redhat.com/errata/RHSA-2013-0758.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
RedHat Security Advisories: RHSA-2013:1456
http://rhn.redhat.com/errata/RHSA-2013-1456.html
SuSE Security Announcement: SUSE-SU-2013:0814 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2013:0835 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html
SuSE Security Announcement: SUSE-SU-2013:0871 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html
SuSE Security Announcement: openSUSE-SU-2013:0777 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
SuSE Security Announcement: openSUSE-SU-2013:0964 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
http://www.ubuntu.com/usn/USN-1806-1




© 1998-2024 E-Soft Inc. All rights reserved.