PT-2013-3781 · Oracle+4 · Java Se+6

Stefan Cornelius

·

Published

2013-06-18

·

Updated

2024-06-15

·

CVE-2013-2447

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions prior to 7 Update 21 Java SE versions prior to 6 Update 45 Java SE versions prior to 5.0 Update 45 OpenJDK 7
Description The issue affects confidentiality via unknown vectors related to Networking. It is reported that remote attackers may be able to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
Recommendations For Java SE versions prior to 7 Update 21, update to a version newer than 7 Update 21. For Java SE versions prior to 6 Update 45, update to a version newer than 6 Update 45. For Java SE versions prior to 5.0 Update 45, update to a version newer than 5.0 Update 45. For OpenJDK 7, consider disabling the Networking component until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0957
CESA-2013_1014
CVE-2013-2447
DSA-2722-1
DSA-2727-1
HPSBUX02907
HPSBUX02908
HPSBUX02922
MGASA-2013-0185
MGASA-2013-0208
OPENSUSE-SU-2024:10534-1
RHSA-2013:0957
RHSA-2013:0958
RHSA-2013:0963
RHSA-2013:1014
RHSA-2013:1059
RHSA-2013:1060
RHSA-2013:1081
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0957
RHSA-2013_0958
RHSA-2013_0963
RHSA-2013_1014
RHSA-2013_1059
RHSA-2013_1060
RHSA-2013_1081
RHSA-2014:0414
RHSA-2014_0414

Affected Products

Centos
Hp-Ux
Java Platform
Java Se
Openjdk
Red Hat
Suse