V-181: Oracle Java SE Critical Patch Update Advisory - June 2013

June 19, 2013 - 1:06am

PROBLEM:

Oracle Java SE Critical Patch Update Advisory - June 2013

PLATFORM:

Version(s): 5.0 Update 45, 6 Update 45, 7 Update 21; and prior versions

ABSTRACT:

Multiple vulnerabilities were reported in Oracle Java.

REFERENCE LINKS:

Oracle Java SE Critical Patch Update June 2013
SecurityTracker Alert ID: 1028679
CVE-2013-1500, CVE-2013-1571
CVE-2013-2400, CVE-2013-2407
CVE-2013-2412, CVE-2013-2437
CVE-2013-2442, CVE-2013-2443
CVE-2013-2444, CVE-2013-2445
CVE-2013-2446, CVE-2013-2447
CVE-2013-2448, CVE-2013-2449
CVE-2013-2450, CVE-2013-2451
CVE-2013-2452, CVE-2013-2453
CVE-2013-2454, CVE-2013-2455
CVE-2013-2456, CVE-2013-2457
CVE-2013-2458, CVE-2013-2459
CVE-2013-2460, CVE-2013-2461
CVE-2013-2462, CVE-2013-2463
CVE-2013-2464, CVE-2013-2465
CVE-2013-2466, CVE-2013-2467
CVE-2013-2468, CVE-2013-2469
CVE-2013-2470, CVE-2013-2471
CVE-2013-2472, CVE-2013-2473
CVE-2013-3743, CVE-2013-3744

IMPACT ASSESSMENT:

High

DISCUSSION:

The 2D component is affected [CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2469].

The AWT [CVE-2013-2459, CVE-2013-3743], Deployment [CVE-2013-2462, CVE-2013-2466, CVE-2013-2468], Serviceability [CVE-2013-2460], and Sound [CVE-2013-2448] components are affected.

A remote user can exploit a flaw in the Hotspot component to cause denial of service conditions [CVE-2013-2445].

A remote user can partially access and modify data and cause partial denial of service conditions. The Deployment [CVE-2013-2442] and Libraries [CVE-2013-2461] components are affected.

A remote user can exploit a flaw in the Libraries component to partially access data and cause partial denial of service conditions [CVE-2013-2407].

A remote user can partially access and modify data. The JDBC [CVE-2013-2454] and Libraries [CVE-2013-2458] components are affected.

A remote user can partially deny service. The AWT [CVE-2013-2444] and Serialization [CVE-2013-2450] components are affected.

A remote user can partially access data. The CORBA [CVE-2013-2446], Deployment [CVE-2013-2437], Serialization [CVE-2013-2456], Serviceability [CVE-2013-2412], and Libraries [CVE-2013-2449] components are affected.

A remote user can partially modify data. The Deployment [CVE-2013-2400, CVE-2013-3744], JMX [CVE-2013-2457, CVE-2013-2453], Libraries [CVE-2013-2443, CVE-2013-2452, CVE-2013-2455], and Networking [CVE-2013-2447] components are affected.

A remote user can exploit a flaw in Javadoc to partially modify data [CVE-2013-1571]. HTML pages created using Javadoc are vulnerable to HTML injection attacks.

A local user can exploit a flaw in the 2D component to partially access and modify data [CVE-2013-1500].

A local user can exploit a flaw in the Networking component to partially access and modify data and cause partial denial of service conditions [CVE-2013-2451].

A local user can exploit a flaw in the Install component to gain elevated privileges [CVE-2013-2467].

IMPACT:

A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A remote or local user can cause denial of service conditions.

SOLUTION:

The vendor has issued a fix (7 Update 25).
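
To triage installed runtimes against the PLATFORM and SOLUTION fields above, the following added example (not part of the original advisory or of any Oracle tooling) classifies the version line printed by `java -version`. The host names and sample inventory are constructed, and the `not-listed` status is an assumption for versions the advisory does not mention.

```python
import re

# Values taken from the PLATFORM and SOLUTION fields of this advisory.
LAST_AFFECTED_UPDATE = {5: 45, 6: 45, 7: 21}   # release family -> highest affected update
FIXED_FAMILY, FIXED_UPDATE = 7, 25

# Legacy version string as printed by `java -version`, e.g. 1.7.0_21 or 1.6.0_45-b06.
_VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (family, update) from a `java -version` line, or None if absent."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    # A string with no _NN suffix (e.g. 1.7.0) is the initial release: update 0.
    return int(match.group(1)), int(match.group(2) or 0)


def classify(text):
    """Map a version line to 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    if update <= LAST_AFFECTED_UPDATE.get(family, -1):
        return "affected"
    if family == FIXED_FAMILY and update >= FIXED_UPDATE:
        return "fixed"
    # The advisory makes no statement about this version; review it by hand.
    return "not-listed"


def triage(inventory):
    """Return {host: status} for a {host: version line} inventory."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical host names, not from the advisory).
SAMPLE_INVENTORY = {
    "build-01": 'java version "1.7.0_21"',
    "app-02": 'java version "1.7.0_25"',
    "legacy-03": 'java version "1.6.0_45"',
    "legacy-04": 'java version "1.5.0_22"',
    "kiosk-05": "java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {status}")
```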