Oracle Security Alert for CVE-2013-0422 - Beta Oracle CVRF
Oracle Security Alert
CVE-2013-0422
Final
1.0
1.0
2013-01-14T13:00:00-07:00
Initial Distribution
2013-01-14T13:00:00-07:00
2013-01-14T13:00:00-07:00
This document contains descriptions of Oracle product security vulnerabilities which have had fixes released for all supported versions and platforms for the associated product. Additional information regarding these vulnerabilities including fix distribution information can be found at the Oracle sites referenced in this document.
This document is published at: http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1896934.xml
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
URL to html version of Advisory
Ben Murphy
TippingPoint's Zero Day Initiative
Sun Java Version 7 Update 10 and before
CVE-2012-3174
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 10 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.). CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
Fix has been released
CVE-2012-3174
P-856V-7 Update 10 and before
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2013-0422
Oracle customers with valid support contracts
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
P-856V-7 Update 10 and before
CVE-2013-0422
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are 7 Update 10 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Applies to client deployment of Java only. This vulnerability can be exploited only through Untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.). CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). Oracle Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).
Fix has been released
CVE-2013-0422
P-856V-7 Update 10 and before
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2013-0422
Oracle customers with valid support contracts
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
P-856V-7 Update 10 and before