CVE-2013-2443 Information
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier 6 Update 45 and earlier and 5.0 Update 45 and earlier and OpenJDK 7 allows remote attackers to affect confidentiality via unknown vectors related to Libraries a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \checking order\ within the AccessControlContext class.
Reference
http://advisories.mageia.org/MGASA-2013-0185.html http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70 http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://rhn.redhat.com/errata/RHSA-2013-1059.html http://rhn.redhat.com/errata/RHSA-2013-1081.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://secunia.com/advisories/54154 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html http://www.securityfocus.com/bid/60646 http://www.us-cert.gov/ncas/alerts/TA13-169A http://www-01.ibm.com/support/docview.wss?uid=swg21642336 http://www-01.ibm.com/support/docview.wss?uid=swg21644197 https://access.redhat.com/errata/RHSA-2014:0414 https://bugzilla.redhat.com/show_bug.cgi?id=975137 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A17230 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A19299
Share on: