PT-2013-2330 · Openjdk+5 · Openjdk+6

Published

2013-02-01

·

Updated

2024-06-15

·

CVE-2013-0435

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 6 through Update 38 Oracle Java SE versions 7 through Update 11 OpenJDK versions 6 and 7
Description The issue affects confidentiality and is related to vectors in JAX-WS. There are claims that it may be related to improper restriction of com.sun.xml.internal packages and better handling of UI elements.
Recommendations For Oracle Java SE versions 6 through Update 38, update to a version later than Update 38. For Oracle Java SE versions 7 through Update 11, update to a version later than Update 11. For OpenJDK versions 6 and 7, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to JAX-WS components until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0435
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0625
RHSA-2013_0626

Affected Products

Centos
Hp-Ux
Java Platform
Java Se
Openjdk
Red Hat
Suse