CVE-2013-0444 Information

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code.

Reference

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218
http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://rhn.redhat.com/errata/RHSA-2013-0247.html
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.kb.cert.org/vuls/id/858729
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A16614
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A19349
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056
