Executive Summary

Informations
NameCVE-2013-2431First vendor Publication2013-04-17
VendorCveLast vendor Modification2017-09-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20467
 
Oval ID: oval:org.mitre.oval:def:20467
Title: RHSA-2013:0770: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: unix Class: patch
Reference(s): RHSA-2013:0770-01
CESA-2013:0770
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
Version: 283
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16410
 
Oval ID: oval:org.mitre.oval:def:16410
Title: Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: windows Class: vulnerability
Reference(s): CVE-2013-2431
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24051
 
Oval ID: oval:org.mitre.oval:def:24051
Title: ELSA-2013:0770: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: unix Class: patch
Reference(s): ELSA-2013:0770-01
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
Version: 85
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23493
 
Oval ID: oval:org.mitre.oval:def:23493
Title: DEPRECATED: ELSA-2013:0770: java-1.6.0-openjdk security update (Important)
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Family: unix Class: patch
Reference(s): ELSA-2013:0770-01
CVE-2013-0401
CVE-2013-1488
CVE-2013-1518
CVE-2013-1537
CVE-2013-1557
CVE-2013-1558
CVE-2013-1569
CVE-2013-2383
CVE-2013-2384
CVE-2013-2415
CVE-2013-2417
CVE-2013-2419
CVE-2013-2420
CVE-2013-2421
CVE-2013-2422
CVE-2013-2424
CVE-2013-2426
CVE-2013-2429
CVE-2013-2430
CVE-2013-2431
Version: 86
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.6.0-openjdk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application78
Application76

Nessus® Vulnerability Scanner

DateDescription
2014-06-30Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-402.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-410.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-426.nasl - Type : ACT_GATHER_INFO
2014-01-27Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-08Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2014-01-08Name : The remote server is affected by multiple vulnerabilities.
File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO
2013-11-04Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04Name : The remote host has software installed that is affected by multiple vulnerabi...
File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO
2013-11-04Name : The remote server is affected by multiple vulnerabilities.
File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-183.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-185.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0751.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0752.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0770.nasl - Type : ACT_GATHER_INFO
2013-05-22Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-130512.nasl - Type : ACT_GATHER_INFO
2013-05-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1819-1.nasl - Type : ACT_GATHER_INFO
2013-05-07Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-161.nasl - Type : ACT_GATHER_INFO
2013-04-26Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130424_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-04-26Name : The remote Fedora host is missing a security update.
File : fedora_2013-6368.nasl - Type : ACT_GATHER_INFO
2013-04-25Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0770.nasl - Type : ACT_GATHER_INFO
2013-04-25Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0770.nasl - Type : ACT_GATHER_INFO
2013-04-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1806-1.nasl - Type : ACT_GATHER_INFO
2013-04-20Name : The remote Fedora host is missing a security update.
File : fedora_2013-5922.nasl - Type : ACT_GATHER_INFO
2013-04-19Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO
2013-04-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0757.nasl - Type : ACT_GATHER_INFO
2013-04-18Name : The remote Fedora host is missing a security update.
File : fedora_2013-5958.nasl - Type : ACT_GATHER_INFO
2013-04-18Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130417_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-04-18Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130417_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-04-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO
2013-04-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO
2013-04-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO
2013-04-17Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_apr_2013.nasl - Type : ACT_GATHER_INFO
2013-04-17Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_apr_2013_unix.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
CERT http://www.us-cert.gov/ncas/alerts/TA13-107A
CONFIRM http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-open...
http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5...
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
GENTOO http://security.gentoo.org/glsa/glsa-201406-32.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:145
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
MISC http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/c954aab38a7f
https://bugzilla.redhat.com/show_bug.cgi?id=952645
MLIST http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
REDHAT http://rhn.redhat.com/errata/RHSA-2013-0752.html
http://rhn.redhat.com/errata/RHSA-2013-0757.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
UBUNTU http://www.ubuntu.com/usn/USN-1806-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
DateInformations
2019-05-10 12:05:22
  • Multiple Updates
2018-10-30 12:05:53
  • Multiple Updates
2018-10-23 12:04:40
  • Multiple Updates
2018-07-25 12:03:48
  • Multiple Updates
2018-04-28 12:01:05
  • Multiple Updates
2018-02-02 12:02:11
  • Multiple Updates
2017-10-25 12:01:00
  • Multiple Updates
2017-09-19 09:25:58
  • Multiple Updates
2017-08-16 12:02:21
  • Multiple Updates
2017-05-12 12:04:36
  • Multiple Updates
2017-02-10 12:00:43
  • Multiple Updates
2016-11-01 12:04:13
  • Multiple Updates
2016-07-27 12:00:46
  • Multiple Updates
2016-06-28 19:29:34
  • Multiple Updates
2016-04-26 23:08:12
  • Multiple Updates
2014-10-04 13:30:33
  • Multiple Updates
2014-07-01 13:25:14
  • Multiple Updates
2014-06-14 13:35:31
  • Multiple Updates
2014-02-17 11:19:34
  • Multiple Updates
2014-02-07 13:20:31
  • Multiple Updates
2013-11-04 21:26:55
  • Multiple Updates
2013-10-11 13:26:22
  • Multiple Updates
2013-06-21 13:19:49
  • Multiple Updates
2013-06-05 13:20:31
  • Multiple Updates
2013-06-04 13:26:25
  • Multiple Updates
2013-05-10 22:30:21
  • Multiple Updates
2013-04-18 21:20:01
  • Multiple Updates
2013-04-18 00:19:49
  • First insertion