PT-2013-2338 · Openjdk+5 · Openjdk+6

Tomas Hoger

·

Published

2013-02-01

·

Updated

2024-06-15

·

CVE-2013-0443

CVSS v2.0

4.0

Medium

VectorAV:N/AC:H/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions prior to 7 Update 11 Oracle Java SE versions prior to 6 Update 38 Oracle Java SE versions prior to 5.0 Update 38 Oracle Java SE version 1.4.2 40 and earlier OpenJDK versions 6 and 7
Description The issue affects confidentiality and integrity via vectors related to JSSE, potentially allowing remote attackers to conduct a small subgroup attack to force the use of weak session keys or obtain sensitive information about the private key. This may be related to incorrect validation of Diffie-Hellman keys.
Recommendations For Oracle Java SE versions prior to 7 Update 11, update to Update 11 or later. For Oracle Java SE versions prior to 6 Update 38, update to Update 38 or later. For Oracle Java SE versions prior to 5.0 Update 38, update to Update 38 or later. For Oracle Java SE version 1.4.2 40 and earlier, update to a later version. For OpenJDK versions 6 and 7, consider disabling the use of Diffie-Hellman keys until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0245
CESA-2013_0247
CVE-2013-0443
HPSBUX02857
HPSBUX02864
OPENSUSE-SU-2013_0308-1
OPENSUSE-SU-2013_0312-1
OPENSUSE-SU-2013_0377-1
OPENSUSE-SU-2024:10534-1
RHSA-2013:0236
RHSA-2013:0237
RHSA-2013:0245
RHSA-2013:0246
RHSA-2013:0247
RHSA-2013:0624
RHSA-2013:0625
RHSA-2013:0626
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0236
RHSA-2013_0237
RHSA-2013_0245
RHSA-2013_0246
RHSA-2013_0247
RHSA-2013_0624
RHSA-2013_0625
RHSA-2013_0626

Affected Products

Centos
Hp-Ux
Java Platform
Java Se
Openjdk
Red Hat
Suse