PT-2013-3157 · Openjdk+5 · Openjdk+6

Published

2012-11-15

Updated

2024-06-15

CVE-2013-1475

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7 through Update 11 Oracle Java SE versions 6 through Update 38 Oracle Java SE versions 5.0 through Update 38 Oracle Java SE version 1.4.2 40 and earlier OpenJDK versions 6 and 7

Description The issue allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. It is reportedly related to "IIOP type reuse management" in ObjectStreamClass.java, although Oracle has not commented on these claims.

Recommendations For Oracle Java SE versions 7 through Update 11, update to a version later than Update 11. For Oracle Java SE versions 6 through Update 38, update to a version later than Update 38. For Oracle Java SE versions 5.0 through Update 38, update to a version later than Update 38. For Oracle Java SE version 1.4.2 40 and earlier, update to a version later than 1.4.2 40. For OpenJDK versions 6 and 7, update to a version that includes the fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0245

CESA-2013_0247

CVE-2013-1475

HPSBUX02857

HPSBUX02864

OPENSUSE-SU-2013_0308-1

OPENSUSE-SU-2013_0312-1

OPENSUSE-SU-2013_0377-1

OPENSUSE-SU-2024:10534-1

RHSA-2012:1465

RHSA-2012:1466

RHSA-2012:1467

RHSA-2012:1485

RHSA-2012_1465

RHSA-2012_1466

RHSA-2012_1467

RHSA-2013:0236

RHSA-2013:0237

RHSA-2013:0245

RHSA-2013:0246

RHSA-2013:0247

RHSA-2013_0236

RHSA-2013_0237

RHSA-2013_0245

RHSA-2013_0246

RHSA-2013_0247

Affected Products

Centos

Hp-Ux

Java Platform

Java Se

Openjdk

Red Hat

Suse

PT-2013-3157 · Openjdk+5 · Openjdk+6

CVE-2013-1475

Related Identifiers

Affected Products

References · 512