CVE-2013-1571 — MEDIUM (4.3)

Q: How severe is CVE-2013-1571?

CVE-2013-1571 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-1571?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Sun Jdk, Oracle Jre, Sun Jre, Oracle Javafx.

Vulnerability Description

Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Oracle	Jdk	<= 1.6.0
Sun	Jdk	1.6.0
Oracle	Jre	<= 1.5.0
Sun	Jre	1.5.0
Oracle	Javafx	<= 2.2.21

References

FAQ

What is CVE-2013-1571?

CVE-2013-1571 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows re...

How severe is CVE-2013-1571?

CVE-2013-1571 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1571?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Sun Jdk, Oracle Jre, Sun Jre, Oracle Javafx.