CVE-2013-0443

Published: Feb 2, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.

Affected (241)

Products: Oracle: Jre, Jdk · Sun: Jre, Jdk

2 products

2 products

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Oracle Jre	Version 1.7.0
Oracle Jre	Version 1.7.0 update10
Oracle Jre	Version 1.7.0 update11
Oracle Jre	Version 1.7.0 update1
Oracle Jre	Version 1.7.0 update2
Oracle Jre	Version 1.7.0 update3
Oracle Jre	Version 1.7.0 update4
Oracle Jre	Version 1.7.0 update5
Oracle Jre	Version 1.7.0 update6
Oracle Jre	Version 1.7.0 update7
Oracle Jre	Version 1.7.0 update9

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.7.0
Oracle Jdk	Version 1.7.0 update10
Oracle Jdk	Version 1.7.0 update11
Oracle Jdk	Version 1.7.0 update1
Oracle Jdk	Version 1.7.0 update2
Oracle Jdk	Version 1.7.0 update3
Oracle Jdk	Version 1.7.0 update4
Oracle Jdk	Version 1.7.0 update5
Oracle Jdk	Version 1.7.0 update6
Oracle Jdk	Version 1.7.0 update7
Oracle Jdk	Version 1.7.0 update9

Configuration C

36 vulnerable

Vulnerable Software	Affected Versions
Oracle Jre	Version 1.6.0 update22
Oracle Jre	Version 1.6.0 update23
Oracle Jre	Version 1.6.0 update24
Oracle Jre	Version 1.6.0 update25
Oracle Jre	Version 1.6.0 update26
Oracle Jre	Version 1.6.0 update27
Oracle Jre	Version 1.6.0 update29
Oracle Jre	Version 1.6.0 update30
Oracle Jre	Version 1.6.0 update31
Oracle Jre	Version 1.6.0 update32
Oracle Jre	Version 1.6.0 update33
Oracle Jre	Version 1.6.0 update34
Oracle Jre	Version 1.6.0 update35
Oracle Jre	Version 1.6.0 update37
Oracle Jre	Version 1.6.0 update38
Sun Jre	Version 1.6.0
Sun Jre	Version 1.6.0 update_10
Sun Jre	Version 1.6.0 update_11
Sun Jre	Version 1.6.0 update_12
Sun Jre	Version 1.6.0 update_13
Sun Jre	Version 1.6.0 update_14
Sun Jre	Version 1.6.0 update_15
Sun Jre	Version 1.6.0 update_16
Sun Jre	Version 1.6.0 update_17
Sun Jre	Version 1.6.0 update_18
Sun Jre	Version 1.6.0 update_19
Sun Jre	Version 1.6.0 update_1
Sun Jre	Version 1.6.0 update_20
Sun Jre	Version 1.6.0 update_21
Sun Jre	Version 1.6.0 update_2
Sun Jre	Version 1.6.0 update_3
Sun Jre	Version 1.6.0 update_4
Sun Jre	Version 1.6.0 update_5
Sun Jre	Version 1.6.0 update_6
Sun Jre	Version 1.6.0 update_7
Sun Jre	Version 1.6.0 update_9

Configuration D

36 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.6.0 update22
Oracle Jdk	Version 1.6.0 update23
Oracle Jdk	Version 1.6.0 update24
Oracle Jdk	Version 1.6.0 update25
Oracle Jdk	Version 1.6.0 update26
Oracle Jdk	Version 1.6.0 update27
Oracle Jdk	Version 1.6.0 update29
Oracle Jdk	Version 1.6.0 update30
Oracle Jdk	Version 1.6.0 update31
Oracle Jdk	Version 1.6.0 update32
Oracle Jdk	Version 1.6.0 update33
Oracle Jdk	Version 1.6.0 update34
Oracle Jdk	Version 1.6.0 update35
Oracle Jdk	Version 1.6.0 update37
Oracle Jdk	Version 1.6.0 update38
Sun Jdk	Version 1.6.0
Sun Jdk	Version 1.6.0 update1
Sun Jdk	Version 1.6.0 update1_b06
Sun Jdk	Version 1.6.0 update2
Sun Jdk	Version 1.6.0 update_10
Sun Jdk	Version 1.6.0 update_11
Sun Jdk	Version 1.6.0 update_12
Sun Jdk	Version 1.6.0 update_13
Sun Jdk	Version 1.6.0 update_14
Sun Jdk	Version 1.6.0 update_15
Sun Jdk	Version 1.6.0 update_16
Sun Jdk	Version 1.6.0 update_17
Sun Jdk	Version 1.6.0 update_18
Sun Jdk	Version 1.6.0 update_19
Sun Jdk	Version 1.6.0 update_20
Sun Jdk	Version 1.6.0 update_21
Sun Jdk	Version 1.6.0 update_3
Sun Jdk	Version 1.6.0 update_4
Sun Jdk	Version 1.6.0 update_5
Sun Jdk	Version 1.6.0 update_6
Sun Jdk	Version 1.6.0 update_7

Configuration E

34 vulnerable

Vulnerable Software	Affected Versions
Oracle Jre	Version 1.5.0 update36
Oracle Jre	Version 1.5.0 update38
Sun Jre	Version 1.5.0
Sun Jre	Version 1.5.0 update10
Sun Jre	Version 1.5.0 update11
Sun Jre	Version 1.5.0 update12
Sun Jre	Version 1.5.0 update13
Sun Jre	Version 1.5.0 update14
Sun Jre	Version 1.5.0 update15
Sun Jre	Version 1.5.0 update16
Sun Jre	Version 1.5.0 update17
Sun Jre	Version 1.5.0 update18
Sun Jre	Version 1.5.0 update19
Sun Jre	Version 1.5.0 update1
Sun Jre	Version 1.5.0 update20
Sun Jre	Version 1.5.0 update21
Sun Jre	Version 1.5.0 update22
Sun Jre	Version 1.5.0 update23
Sun Jre	Version 1.5.0 update24
Sun Jre	Version 1.5.0 update25
Sun Jre	Version 1.5.0 update26
Sun Jre	Version 1.5.0 update27
Sun Jre	Version 1.5.0 update28
Sun Jre	Version 1.5.0 update29
Sun Jre	Version 1.5.0 update2
Sun Jre	Version 1.5.0 update31
Sun Jre	Version 1.5.0 update33
Sun Jre	Version 1.5.0 update3
Sun Jre	Version 1.5.0 update4
Sun Jre	Version 1.5.0 update5
Sun Jre	Version 1.5.0 update6
Sun Jre	Version 1.5.0 update7
Sun Jre	Version 1.5.0 update8
Sun Jre	Version 1.5.0 update9

Configuration F

36 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Version 1.5.0 update36
Oracle Jdk	Version 1.5.0 update38
Sun Jdk	Version 1.5.0
Sun Jdk	Version 1.5.0 update10
Sun Jdk	Version 1.5.0 update11
Sun Jdk	Version 1.5.0 update11_b03
Sun Jdk	Version 1.5.0 update12
Sun Jdk	Version 1.5.0 update13
Sun Jdk	Version 1.5.0 update14
Sun Jdk	Version 1.5.0 update15
Sun Jdk	Version 1.5.0 update16
Sun Jdk	Version 1.5.0 update17
Sun Jdk	Version 1.5.0 update18
Sun Jdk	Version 1.5.0 update19
Sun Jdk	Version 1.5.0 update1
Sun Jdk	Version 1.5.0 update20
Sun Jdk	Version 1.5.0 update21
Sun Jdk	Version 1.5.0 update22
Sun Jdk	Version 1.5.0 update23
Sun Jdk	Version 1.5.0 update24
Sun Jdk	Version 1.5.0 update25
Sun Jdk	Version 1.5.0 update26
Sun Jdk	Version 1.5.0 update27
Sun Jdk	Version 1.5.0 update28
Sun Jdk	Version 1.5.0 update29
Sun Jdk	Version 1.5.0 update2
Sun Jdk	Version 1.5.0 update31
Sun Jdk	Version 1.5.0 update33
Sun Jdk	Version 1.5.0 update3
Sun Jdk	Version 1.5.0 update4
Sun Jdk	Version 1.5.0 update5
Sun Jdk	Version 1.5.0 update6
Sun Jdk	Version 1.5.0 update7
Sun Jdk	Version 1.5.0 update7_b03
Sun Jdk	Version 1.5.0 update8
Sun Jdk	Version 1.5.0 update9

Configuration G

40 vulnerable

Vulnerable Software	Affected Versions
Oracle Jre	Up to 1.4.2_40
Oracle Jre	Version 1.4.2_38
Sun Jre	Version 1.4.2
Sun Jre	Version 1.4.2_10
Sun Jre	Version 1.4.2_11
Sun Jre	Version 1.4.2_12
Sun Jre	Version 1.4.2_13
Sun Jre	Version 1.4.2_14
Sun Jre	Version 1.4.2_15
Sun Jre	Version 1.4.2_16
Sun Jre	Version 1.4.2_17
Sun Jre	Version 1.4.2_18
Sun Jre	Version 1.4.2_19
Sun Jre	Version 1.4.2_1
Sun Jre	Version 1.4.2_20
Sun Jre	Version 1.4.2_21
Sun Jre	Version 1.4.2_22
Sun Jre	Version 1.4.2_23
Sun Jre	Version 1.4.2_24
Sun Jre	Version 1.4.2_25
Sun Jre	Version 1.4.2_26
Sun Jre	Version 1.4.2_27
Sun Jre	Version 1.4.2_28
Sun Jre	Version 1.4.2_29
Sun Jre	Version 1.4.2_2
Sun Jre	Version 1.4.2_30
Sun Jre	Version 1.4.2_31
Sun Jre	Version 1.4.2_32
Sun Jre	Version 1.4.2_33
Sun Jre	Version 1.4.2_34
Sun Jre	Version 1.4.2_35
Sun Jre	Version 1.4.2_36
Sun Jre	Version 1.4.2_37
Sun Jre	Version 1.4.2_3
Sun Jre	Version 1.4.2_4
Sun Jre	Version 1.4.2_5
Sun Jre	Version 1.4.2_6
Sun Jre	Version 1.4.2_7
Sun Jre	Version 1.4.2_8
Sun Jre	Version 1.4.2_9

Configuration H

37 vulnerable

Vulnerable Software	Affected Versions
Oracle Jdk	Up to 1.4.2_40
Oracle Jdk	Version 1.4.2_38
Sun Jdk	Version 1.4.2
Sun Jdk	Version 1.4.2_10
Sun Jdk	Version 1.4.2_11
Sun Jdk	Version 1.4.2_12
Sun Jdk	Version 1.4.2_13
Sun Jdk	Version 1.4.2_14
Sun Jdk	Version 1.4.2_15
Sun Jdk	Version 1.4.2_16
Sun Jdk	Version 1.4.2_17
Sun Jdk	Version 1.4.2_18
Sun Jdk	Version 1.4.2_19
Sun Jdk	Version 1.4.2_1
Sun Jdk	Version 1.4.2_22
Sun Jdk	Version 1.4.2_23
Sun Jdk	Version 1.4.2_25
Sun Jdk	Version 1.4.2_26
Sun Jdk	Version 1.4.2_27
Sun Jdk	Version 1.4.2_28
Sun Jdk	Version 1.4.2_29
Sun Jdk	Version 1.4.2_2
Sun Jdk	Version 1.4.2_30
Sun Jdk	Version 1.4.2_31
Sun Jdk	Version 1.4.2_32
Sun Jdk	Version 1.4.2_33
Sun Jdk	Version 1.4.2_34
Sun Jdk	Version 1.4.2_35
Sun Jdk	Version 1.4.2_36
Sun Jdk	Version 1.4.2_37
Sun Jdk	Version 1.4.2_3
Sun Jdk	Version 1.4.2_4
Sun Jdk	Version 1.4.2_5
Sun Jdk	Version 1.4.2_6
Sun Jdk	Version 1.4.2_7
Sun Jdk	Version 1.4.2_8
Sun Jdk	Version 1.4.2_9

References (54)

http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS

Source: secalert_us@oracle.com

http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/496bced2d275

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html

Source: secalert_us@oracle.com

http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=136439120408139&w=2

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=136570436423916&w=2

Source: secalert_us@oracle.com

http://marc.info/?l=bugtraq&m=136733161405818&w=2

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-0236.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-0237.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-0245.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-0246.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-0247.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-1455.html

Source: secalert_us@oracle.com

http://rhn.redhat.com/errata/RHSA-2013-1456.html

Source: secalert_us@oracle.com

http://security.gentoo.org/glsa/glsa-201406-32.xml

Source: secalert_us@oracle.com

http://www.kb.cert.org/vuls/id/858729

Source: secalert_us@oracle.com

US Government Resource

http://www.mandriva.com/security/advisories?name=MDVSA-2013:095

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Source: secalert_us@oracle.com

Vendor Advisory

http://www.securityfocus.com/bid/57702

Source: secalert_us@oracle.com

http://www.us-cert.gov/cas/techalerts/TA13-032A.html

Source: secalert_us@oracle.com

US Government Resource

https://bugzilla.redhat.com/show_bug.cgi?id=907340

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15832

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19010

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19382

Source: secalert_us@oracle.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19437

Source: secalert_us@oracle.com

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056

Source: secalert_us@oracle.com

http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS