Описание
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | java-1.6.0-sun | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.6.0-sun | Not affected | ||
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Fixed | RHSA-2013:0752 | 17.04.2013 |
| Red Hat Enterprise Linux 5 | java-1.6.0-openjdk | Fixed | RHSA-2013:0770 | 24.04.2013 |
| Red Hat Enterprise Linux 6 | java-1.7.0-openjdk | Fixed | RHSA-2013:0751 | 17.04.2013 |
| Red Hat Enterprise Linux 6 | java-1.6.0-openjdk | Fixed | RHSA-2013:0770 | 24.04.2013 |
| Supplementary for Red Hat Enterprise Linux 5 | java-1.7.0-oracle | Fixed | RHSA-2013:0757 | 18.04.2013 |
| Supplementary for Red Hat Enterprise Linux 5 | java-1.7.0-ibm | Fixed | RHSA-2013:0822 | 14.05.2013 |
| Supplementary for Red Hat Enterprise Linux 6 | java-1.7.0-oracle | Fixed | RHSA-2013:0757 | 18.04.2013 |
| Supplementary for Red Hat Enterprise Linux 6 | java-1.7.0-ibm | Fixed | RHSA-2013:0822 | 14.05.2013 |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS2
Связанные уязвимости
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
ELSA-2013-0770: java-1.6.0-openjdk security update (IMPORTANT)
6.8 Medium
CVSS2