CVE-2013-0434

Severity

50%

Complexity

99%

Confidentiality

48%

Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.

Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 12 years ago

2013-02-02 00:55:00

Last updated 7 years ago

2017-09-19 01:35:00

Affected Software

Oracle JRE 1.7.0

1.7.0

Oracle JRE 1.7.0 update1

1.7.0

Oracle JRE 1.7.0 Update 10

1.7.0

Oracle JRE 1.7.0 Update 11

1.7.0

Oracle JRE 1.7.0 update2

1.7.0

Oracle JRE 1.7.0 update3

1.7.0

Oracle JRE 1.7.0 Update 4

1.7.0

Oracle JRE 1.7.0 Update 5

1.7.0

Oracle JRE 1.7.0 Update 6

1.7.0

Oracle JRE 1.7.0 Update 7

1.7.0

Oracle JRE 1.7.0 Update 9

1.7.0

Oracle JDK 1.7.0

1.7.0

Oracle JDK 1.7.0 update1

1.7.0

Oracle JDK 1.7.0 Update 10

1.7.0

Oracle JDK 1.7.0 Update 11

1.7.0

Oracle JDK 1.7.0 update2

1.7.0

Oracle JDK 1.7.0 update3

1.7.0

Oracle JDK 1.7.0 Update 4

1.7.0

Oracle JDK 1.7.0 Update 5

1.7.0

Oracle JDK 1.7.0 Update 6

1.7.0

Oracle JDK 1.7.0 Update 7

1.7.0

Oracle JDK 1.7.0 Update 9

1.7.0

Oracle JRE 1.6.0 Update 22

1.6.0

Oracle JRE 1.6.0 Update 23

1.6.0

Oracle JRE 1.6.0 Update 24

1.6.0

Oracle JRE 1.6.0 Update 25

1.6.0

Oracle JRE 1.6.0 Update 26

1.6.0

Oracle JRE 1.6.0 Update 27

1.6.0

Oracle JRE 1.6.0 Update 29

1.6.0

Oracle JRE 1.6.0 Update 30

1.6.0

Oracle JRE 1.6.0 Update 31

1.6.0

Oracle JRE 1.6.0 Update 32

1.6.0

Oracle JRE 1.6.0 Update 33

1.6.0

Oracle JRE 1.6.0 Update 34

1.6.0

Oracle JRE 1.6.0 Update 35

1.6.0

Oracle JRE 1.6.0 Update 37

1.6.0

Oracle JRE 1.6.0 Update 38

1.6.0

Sun JRE 1.6.0

1.6.0

Sun JRE 1.6.0 Update 1

1.6.0

Sun JRE 1.6.0 Update 10

1.6.0

Sun JRE 1.6.0 Update 11

1.6.0

Sun JRE 1.6.0 Update 12

1.6.0

Sun JRE 1.6.0 Update 13

1.6.0

Sun JRE 1.6.0 Update 14

1.6.0

Sun JRE 1.6.0 Update 15

1.6.0

Sun JRE 1.6.0 Update 16

1.6.0

Sun JRE 1.6.0 Update 17

1.6.0

Sun JRE 1.6.0 Update 18

1.6.0

Sun JRE 1.6.0 Update 19

1.6.0

Sun JRE 1.6.0 Update 2

1.6.0

Sun JRE 1.6.0 Update 20

1.6.0

Sun JRE 1.6.0 Update 21

1.6.0

Sun JRE 1.6.0 Update 3

1.6.0

Sun JRE 1.6.0 Update 4

1.6.0

Sun JRE 1.6.0 Update 5

1.6.0

Sun JRE 1.6.0 Update 6

1.6.0

Sun JRE 1.6.0 Update 7

1.6.0

Sun JRE 1.6.0 Update 9

1.6.0

Oracle JDK 1.6.0 Update 22

1.6.0

Oracle JDK 1.6.0 Update 23

1.6.0

Oracle JDK 1.6.0 Update 24

1.6.0

Oracle JDK 1.6.0 Update 25

1.6.0

Oracle JDK 1.6.0 Update 26

1.6.0

Oracle JDK 1.6.0 Update 27

1.6.0

Oracle JDK 1.6.0 Update 29

1.6.0

Oracle JDK 1.6.0 Update 30

1.6.0

Oracle JDK 1.6.0 Update 31

1.6.0

Oracle JDK 1.6.0 Update 32

1.6.0

Oracle JDK 1.6.0 Update 33

1.6.0

Oracle JDK 1.6.0 Update 34

1.6.0

Oracle JDK 1.6.0 Update 35

1.6.0

Oracle JDK 1.6.0 Update 37

1.6.0

Oracle JDK 1.6.0 Update 38

1.6.0

Sun JDK 1.6.0

1.6.0

Sun JDK 6 Update 1

1.6.0

Sun JDK 1.6.0_01-b06

1.6.0

Sun JDK 6 Update 2

1.6.0

Sun JDK 1.6.0 Update 10

1.6.0

Sun JDK 1.6.0 Update 11

1.6.0

Sun JDK 1.6.0 Update 12

1.6.0

Sun JDK 1.6.0 Update 13

1.6.0

Sun JDK 1.6.0 Update 14

1.6.0

Sun JDK 1.6.0 Update 15

1.6.0

Sun JDK 1.6.0 Update 16

1.6.0

Sun JDK 1.6.0 Update 17

1.6.0

Sun JDK 1.6.0 Update 18

1.6.0

Sun JDK 1.6.0 Update 19

1.6.0

Sun JDK 1.6.0 Update 20

1.6.0

Sun JDK 1.6.0 Update 21

1.6.0

Sun JDK 1.6.0 Update 3

1.6.0

Sun JDK 1.6.0 Update 4

1.6.0

Sun JDK 1.6.0 Update 5

1.6.0

Sun JDK 1.6.0 Update 6

1.6.0

Sun JDK 1.6.0 Update 7

1.6.0

Oracle JRE 1.5.0_36 (JRE 5.0 Update 36)

1.5.0

Oracle JRE 1.5.0_38 (Update 38)

1.5.0

Sun JRE 1.5.0

1.5.0

Sun JRE 1.5.0_1 (JRE 5.0 Update 1)

1.5.0

Sun JRE 1.5.0_10 (JRE 5.0 Update 10)

1.5.0

Sun JRE 1.5.0_11 (JRE 5.0 Update 11)

1.5.0

Sun JRE 1.5.0_12 (JRE 5.0 Update 12)

1.5.0

Sun JRE 1.5.0_13 (JRE 5.0 Update 13)

1.5.0

Sun JRE 1.5.0_14 (JRE 5.0 Update 14)

1.5.0

Sun JRE 1.5.0_15 (JRE 5.0 Update 15)

1.5.0

Sun JRE 1.5.0_16 (JRE 5.0 Update 16)

1.5.0

Sun JRE 1.5.0_17 (JRE 5.0 Update 17)

1.5.0

Sun JRE 1.5.0_18 (JRE 5.0 Update 18)

1.5.0

Sun JRE 1.5.0_19 (JRE 5.0 Update 19)

1.5.0

Sun JRE 1.5.0_2 (JRE 5.0 Update 2)

1.5.0

Sun JRE 1.5.0_20 (JRE 5.0 Update 20)

1.5.0

Sun JRE 1.5.0_21 (JRE 5.0 Update 21)

1.5.0

Sun JRE 1.5.0_22 (JRE 5.0 Update 22)

1.5.0

Sun JRE 1.5.0_23 (JRE 5.0 Update 23)

1.5.0

Sun JRE 1.5.0_24 (JRE 5.0 Update 24)

1.5.0

Sun JRE 1.5.0_25 (JRE 5.0 Update 25)

1.5.0

Sun JRE 1.5.0_26 (JRE 5.0 Update 26)

1.5.0

Sun JRE 1.5.0_27 (JRE 5.0 Update 27)

1.5.0

Sun JRE 1.5.0_28 (JRE 5.0 Update 28)

1.5.0

Sun JRE 1.5.0_29 (JRE 5.0 Update 29)

1.5.0

Sun JRE 1.5.0_3 (JRE 5.0 Update 3)

1.5.0

Sun JRE 1.5.0_31 (JRE 5.0 Update 31)

1.5.0

Sun JRE 1.5.0_33 (JRE 5.0 Update 33)

1.5.0

Sun JRE 1.5.0_4 (JRE 5.0 Update 4)

1.5.0

Sun JRE 1.5.0_5 (JRE 5.0 Update 5)

1.5.0

Sun JRE 1.5.0_6 (JRE 5.0 Update 6)

1.5.0

Sun JRE 1.5.0_7 (JRE 5.0 Update 7)

1.5.0

Sun JRE 1.5.0_8 (JRE 5.0 Update 8)

1.5.0

Sun JRE 1.5.0_9 (JRE 5.0 Update 9)

1.5.0

Oracle JDK 1.5.0 Update 36

1.5.0

Oracle JDK 1.5.0 Update 38

1.5.0

Sun JDK 1.5.0

1.5.0

Sun JDK 5.0 Update1

1.5.0

Sun JDK 5.0 Update10

1.5.0

Sun JDK 5.0 Update11

1.5.0

Sun JDK 1.5.0_11 b03

1.5.0

Sun JDK 5.0 Update12

1.5.0

Sun JDK 5.0 Update 13

1.5.0

Sun JDK 5.0 Update 14

1.5.0

Sun JDK 5.0 Update 15

1.5.0

Sun JDK 5.0 Update 16

1.5.0

Sun JDK 5.0 Update 17

1.5.0

Sun JDK 5.0 Update 18

1.5.0

Sun JDK 5.0 Update 19

1.5.0

Sun JDK 5.0 Update2

1.5.0

Sun JDK 5.0 Update 20

1.5.0

Sun JDK 5.0 Update 21

1.5.0

Sun JDK 5.0 Update 22

1.5.0

Sun JDK 5.0 Update 23

1.5.0

Sun JDK 5.0 Update 24

1.5.0

Sun JDK 5.0 Update 25

1.5.0

Sun JDK 5.0 Update 26

1.5.0

Sun JDK 5.0 Update 27

1.5.0

Sun JDK 5.0 Update 28

1.5.0

Sun JDK 5.0 Update 29

1.5.0

Sun JDK 5.0 Update3

1.5.0

Sun JDK 5.0 Update 31

1.5.0

Sun JDK 1.5.0_33 (JDK 5.0 Update 33)

1.5.0

Sun JDK 5.0 Update4

1.5.0

Sun JDK 5.0 Update5

1.5.0

Sun JDK 1.5.0_6

1.5.0

Sun JDK 5.0 Update7

1.5.0

Sun JDK 1.5 _07-b03

1.5.0

Sun JDK 5.0 Update8

1.5.0

Sun JDK 5.0 Update9

1.5.0

Oracle JRE 1.4.2_38

1.4.2_38

Oracle JRE

Sun JRE 1.4.2

1.4.2

Sun JRE 1.4.2_1

1.4.2_1

Sun JRE 1.4.2_2

1.4.2_2

Sun JRE 1.4.2_3

1.4.2_3

Sun JRE 1.4.2_4

1.4.2_4

Sun JRE 1.4.2_5

1.4.2_5

Sun JRE 1.4.2_6

1.4.2_6

Sun JRE 1.4.2_7

1.4.2_7

Sun JRE 1.4.2_8

1.4.2_8

Sun JRE 1.4.2_9

1.4.2_9

Sun JRE 1.4.2_10

1.4.2_10

Sun JRE 1.4.2_11

1.4.2_11

Sun JRE 1.4.2_12

1.4.2_12

Sun JRE 1.4.2_13

1.4.2_13

Sun JRE 1.4.2_14

1.4.2_14

Sun JRE 1.4.2_15

1.4.2_15

Sun JRE 1.4.2_16

1.4.2_16

Sun JRE 1.4.2_17

1.4.2_17

Sun JRE 1.4.2_18

1.4.2_18

Sun JRE 1.4.2_19

1.4.2_19

Sun JRE 1.4.2_20

1.4.2_20

Sun JRE 1.4.2_21

1.4.2_21

Sun JRE 1.4.2_22

1.4.2_22

Sun JRE 1.4.2_23

1.4.2_23

Sun JRE 1.4.2_24

1.4.2_24

Sun JRE 1.4.2_25

1.4.2_25

Sun JRE 1.4.2_26

1.4.2_26

Sun JRE 1.4.2_27

1.4.2_27

Sun JRE 1.4.2_28

1.4.2_28

Sun JRE 1.4.2_29

1.4.2_29

Sun JRE 1.4.2_30

1.4.2_30

Sun JRE 1.4.2_31

1.4.2_31

Sun JRE 1.4.2_32

1.4.2_32

Sun JRE 1.4.2_33

1.4.2_33

Sun JRE 1.4.2_34

1.4.2_34

Sun JRE 1.4.2_35

1.4.2_35

Sun JRE 1.4.2_36

1.4.2_36

Sun JRE 1.4.2_37

1.4.2_37

Oracle JDK 1.4.2_38

1.4.2_38

Sun JDK 1.4.2

1.4.2

Sun JDK 1.4.2_1

1.4.2_1

Sun JDK 1.4.2_2

1.4.2_2

Sun JDK 1.4.2_3

1.4.2_3

Sun JDK 1.4.2_4

1.4.2_4

Sun JDK 1.4.2_5

1.4.2_5

Sun JDK 1.4.2_6

1.4.2_6

Sun JDK 1.4.2_7

1.4.2_7

Sun JDK 1.4.2_8

1.4.2_8

Sun JDK 1.4.2_9

1.4.2_9

Sun JDK 1.4.2_10

1.4.2_10

Sun JDK 1.4.2_11

1.4.2_11

Sun JDK 1.4.2_12

1.4.2_12

Sun JDK 1.4.2_13

1.4.2_13

Sun JDK 1.4.2_14

1.4.2_14

Sun JDK 1.4.2_15

1.4.2_15

Sun JDK 1.4.2_16

1.4.2_16

Sun JDK 1.4.2_17

1.4.2_17

Sun JDK 1.4.2_18

1.4.2_18

Sun JDK 1.4.2_19

1.4.2_19

Sun JDK 1.4.2_22

1.4.2_22

Sun JDK 1.4.2_23

1.4.2_23

Sun JDK 1.4.2_25

1.4.2_25

Sun JDK 1.4.2_26

1.4.2_26

Sun JDK 1.4.2_27

1.4.2_27

Sun JDK 1.4.2_28

1.4.2_28

Sun JDK 1.4.2_29

1.4.2_29

Sun JDK 1.4.2_30

1.4.2_30

Sun JDK 1.4.2_31

1.4.2_31

Sun JDK 1.4.2_32

1.4.2_32

Sun JDK 1.4.2_33

1.4.2_33

Sun JDK 1.4.2_34

1.4.2_34

Sun JDK 1.4.2_35

1.4.2_35

Sun JDK 1.4.2_36

1.4.2_36

Sun JDK 1.4.2_37

1.4.2_37

References

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453

http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b

openSUSE-SU-2013:0312

openSUSE-SU-2013:0377

SUSE-SU-2013:0478

HPSBUX02857

SSRT101156

HPSBMU02874

RHSA-2013:0236

RHSA-2013:0237

RHSA-2013:0245

RHSA-2013:0246

RHSA-2013:0247

RHSA-2013:1455

RHSA-2013:1456

GLSA-201406-32

VU#858729

US Government Resource

MDVSA-2013:095

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Vendor Advisory

57730

TA13-032A

US Government Resource

oval:org.mitre.oval:def:16528

oval:org.mitre.oval:def:19272

oval:org.mitre.oval:def:19430

oval:org.mitre.oval:def:19505

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.