PT-2013-2338 · Openjdk+5 · Openjdk+6

Tomas Hoger

·

Publicado

2013-02-01

·

Atualizado

2024-06-15

·

CVE-2013-0443

CVSS v2.0

4.0

Média

VetorAV:N/AC:H/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions prior to 7 Update 11 Oracle Java SE versions prior to 6 Update 38 Oracle Java SE versions prior to 5.0 Update 38 Oracle Java SE version 1.4.2 40 and earlier OpenJDK versions 6 and 7
Description The issue affects confidentiality and integrity via vectors related to JSSE, potentially allowing remote attackers to conduct a small subgroup attack to force the use of weak session keys or obtain sensitive information about the private key. This may be related to incorrect validation of Diffie-Hellman keys.
Recommendations For Oracle Java SE versions prior to 7 Update 11, update to Update 11 or later. For Oracle Java SE versions prior to 6 Update 38, update to Update 38 or later. For Oracle Java SE versions prior to 5.0 Update 38, update to Update 38 or later. For Oracle Java SE version 1.4.2 40 and earlier, update to a later version. For OpenJDK versions 6 and 7, consider disabling the use of Diffie-Hellman keys until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CESA-2013_0245
CESA-2013_0247
CVE-2013-0443
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0624
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0624
RHSA-2013_0625
RHSA-2013_0626

Produtos afetados

Centos
Hp-Ux
Java Platform
Java Se
Openjdk
Red Hat
Suse