ID CVE-2013-1480
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client and server deployment of Java. This vulnerability can be exploited through untrusted Java Web Start applications and untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.5.0:update_36:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.5.0:update_36:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.5.0:update_38:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.5.0:update_38:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update_36:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.5.0:update_36:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.5.0:update_38:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.5.0:update_38:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update11_b03:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update17:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update18:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update19:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update20:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update21:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update22:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update23:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update24:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update25:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update26:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update27:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update28:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update29:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update31:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update31:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update33:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update33:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.5.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.4.2_38:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.4.2_38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.4.2_40:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.4.2_40:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_18:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_19:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_20:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_21:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_22:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_23:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_24:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_25:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_26:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_27:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_28:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_29:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_30:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_30:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_31:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_31:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_32:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_32:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_33:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_33:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_34:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_34:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_35:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_35:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_36:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_36:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.4.2_37:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.4.2_37:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.4.2_38:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.4.2_38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.4.2_40:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.4.2_40:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_2:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_3:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_4:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_5:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_7:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_8:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_9:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_10:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_12:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_13:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_14:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_16:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_17:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_18:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_19:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_22:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_22:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_23:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_23:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_25:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_25:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_26:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_26:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_27:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_27:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_28:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_28:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_29:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_29:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_30:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_30:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_31:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_31:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_32:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_32:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_33:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_33:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_34:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_34:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_35:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_35:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_36:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_36:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.4.2_37:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.4.2_37:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 19-09-2017 - 01:36)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2015-03-23T04:00:49.323-04:00
    class vulnerability
    contributors
    • name Sergey Artykhov
      organization ALTX-SOFT
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Java SE Runtime Environment 4 is installed
      oval oval:org.mitre.oval:def:16482
    • comment Java SE Runtime Environment 5 is installed
      oval oval:org.mitre.oval:def:15748
    • comment Java SE Runtime Environment 6 is installed
      oval oval:org.mitre.oval:def:16362
    • comment Java SE Runtime Environment 7 is installed
      oval oval:org.mitre.oval:def:16050
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
    family windows
    id oval:org.mitre.oval:def:16045
    status accepted
    submitted 2013-04-22T10:26:26.748+04:00
    title Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
    version 9
  • accepted 2015-04-20T04:00:46.510-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
    family unix
    id oval:org.mitre.oval:def:18845
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version 47
  • accepted 2015-04-20T04:01:10.154-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
    family unix
    id oval:org.mitre.oval:def:19351
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version 47
  • accepted 2015-04-20T04:01:24.499-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
    family unix
    id oval:org.mitre.oval:def:19504
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version 44
redhat via4
advisories
  • bugzilla
    id 907460
    title CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.54.1.11.6.el6_3
          oval oval:com.redhat.rhsa:tst:20130245005
        • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865006
      • AND
        • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.54.1.11.6.el6_3
          oval oval:com.redhat.rhsa:tst:20130245013
        • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865010
      • AND
        • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.54.1.11.6.el6_3
          oval oval:com.redhat.rhsa:tst:20130245007
        • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865008
      • AND
        • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.54.1.11.6.el6_3
          oval oval:com.redhat.rhsa:tst:20130245011
        • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865014
      • AND
        • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.54.1.11.6.el6_3
          oval oval:com.redhat.rhsa:tst:20130245009
        • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100865012
    rhsa
    id RHSA-2013:0245
    released 2013-02-08
    severity Critical
    title RHSA-2013:0245: java-1.6.0-openjdk security update (Critical)
  • bugzilla
    id 907460
    title CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment java-1.6.0-openjdk is earlier than 1:1.6.0.0-1.33.1.11.6.el5_9
          oval oval:com.redhat.rhsa:tst:20130246002
        • comment java-1.6.0-openjdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377003
      • AND
        • comment java-1.6.0-openjdk-demo is earlier than 1:1.6.0.0-1.33.1.11.6.el5_9
          oval oval:com.redhat.rhsa:tst:20130246006
        • comment java-1.6.0-openjdk-demo is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377011
      • AND
        • comment java-1.6.0-openjdk-devel is earlier than 1:1.6.0.0-1.33.1.11.6.el5_9
          oval oval:com.redhat.rhsa:tst:20130246004
        • comment java-1.6.0-openjdk-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377005
      • AND
        • comment java-1.6.0-openjdk-javadoc is earlier than 1:1.6.0.0-1.33.1.11.6.el5_9
          oval oval:com.redhat.rhsa:tst:20130246010
        • comment java-1.6.0-openjdk-javadoc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377007
      • AND
        • comment java-1.6.0-openjdk-src is earlier than 1:1.6.0.0-1.33.1.11.6.el5_9
          oval oval:com.redhat.rhsa:tst:20130246008
        • comment java-1.6.0-openjdk-src is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090377009
    rhsa
    id RHSA-2013:0246
    released 2013-02-08
    severity Important
    title RHSA-2013:0246: java-1.6.0-openjdk security update (Important)
  • bugzilla
    id 907460
    title CVE-2013-0429 OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.5.3.el6_3
            oval oval:com.redhat.rhsa:tst:20130247005
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.5.3.el6_3
            oval oval:com.redhat.rhsa:tst:20130247009
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.5.3.el6_3
            oval oval:com.redhat.rhsa:tst:20130247007
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.5.3.el6_3
            oval oval:com.redhat.rhsa:tst:20130247013
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.5.3.el6_3
            oval oval:com.redhat.rhsa:tst:20130247011
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.9-2.3.5.3.el5_9
            oval oval:com.redhat.rhsa:tst:20130247016
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165017
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.9-2.3.5.3.el5_9
            oval oval:com.redhat.rhsa:tst:20130247020
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165025
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.9-2.3.5.3.el5_9
            oval oval:com.redhat.rhsa:tst:20130247024
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165023
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.9-2.3.5.3.el5_9
            oval oval:com.redhat.rhsa:tst:20130247022
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165021
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.9-2.3.5.3.el5_9
            oval oval:com.redhat.rhsa:tst:20130247018
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165019
    rhsa
    id RHSA-2013:0247
    released 2013-02-08
    severity Important
    title RHSA-2013:0247: java-1.7.0-openjdk security update (Important)
  • rhsa
    id RHSA-2013:0236
  • rhsa
    id RHSA-2013:0237
  • rhsa
    id RHSA-2013:1455
  • rhsa
    id RHSA-2013:1456
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.54.1.11.6.el6_3
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.54.1.11.6.el6_3
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.54.1.11.6.el6_3
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.54.1.11.6.el6_3
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.54.1.11.6.el6_3
  • java-1.6.0-openjdk-1:1.6.0.0-1.33.1.11.6.el5_9
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.33.1.11.6.el5_9
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.33.1.11.6.el5_9
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.33.1.11.6.el5_9
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.33.1.11.6.el5_9
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.el6_3
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.5.3.el6_3
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.5.3.el6_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.5.3.el6_3
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.5.3.el6_3
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.5.3.el5_9
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.5.3.el5_9
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.5.3.el5_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.5.3.el5_9
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.5.3.el5_9
refmap via4
bid 57691
cert TA13-032A
cert-vn VU#858729
confirm
gentoo GLSA-201406-32
hp
  • HPSBMU02874
  • HPSBUX02857
  • HPSBUX02864
  • SSRT101103
  • SSRT101156
  • SSRT101184
mandriva MDVSA-2013:095
suse
  • SUSE-SU-2013:0478
  • openSUSE-SU-2013:0377
Last major update 19-09-2017 - 01:36
Published 02-02-2013 - 00:55
Back to Top