PT-2013-2328 · Oracle+4 · Java Runtime Environment+6

Stefan Cornelius · Published 2013-02-01 · Updated 2024-06-15 · CVE-2013-0433

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Java Runtime Environment (JRE) versions 5.0 through Update 38
Java Runtime Environment (JRE) versions 6 through Update 38
Java Runtime Environment (JRE) versions 7 through Update 11
OpenJDK versions 6 and 7

Description

The issue affects the integrity of the system via unknown vectors related to Networking. It is reported that this issue may allow remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.

Recommendations

For Java Runtime Environment (JRE) versions 5.0 through Update 38, update to a version later than Update 38.
For Java Runtime Environment (JRE) versions 6 through Update 38, update to a version later than Update 38.
For Java Runtime Environment (JRE) versions 7 through Update 11, update to a version later than Update 11.
For OpenJDK versions 6 and 7, consider upgrading to a newer version that may include fixes for this issue.
As a temporary workaround, consider restricting access to networking components until a patch is available.


Related Identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0433
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0624
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0624
RHSA-2013_0625
RHSA-2013_0626

Affected Products

CentOS
HP-UX
Java Platform
Java Runtime Environment
OpenJDK
Red Hat
SUSE