-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0029 Title: Oracle Java JRE y JDK Security Alert [1] Version history: 07.03.2013 Initial publication Summary ======= This Security Alert addresses security issues affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software. These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password. For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. CVE numbers: CVE-2013-0809 CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVE-2013-1493 CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSS Base Score (for both vulnerabilities) CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [2] Affected Products and Versions: ============================== JDK and JRE 7 Update 15 and earlier JDK and JRE 6 Update 41 and earlier JDK and JRE 5.0 Update 40 and earlier What can you do? ================ Deploy the updated versions of the software [1]. What to tell your users? ======================== N/A More information ================ [1] http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html [2] http://www.first.org/cvss/cvss-guide.html [3] http://www.oracle.com/technetwork/java/javase /downloads/index.html. Best regards, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJROeVUAAoJEGTNxgsW5kXGDfUIAK0D/RTqpbeOc7ZfXr1TqFca 8c29A9yOWHGqmTQlizVVUWKQmbFX5NCuIwFuBhm9eq7tAy4pHjvQvamZKu6VV3gQ m8nuA1DczIGmgYUpbYGUtRIVqRhOUr9pgfH6AFjT8oqCTJZSaPPdoccA5oMoJa/s 4+vgkarZRb1veBdDo4c0UP0Ne+lrMl+obBXBhJZk7qPK7dX9ynHSW1vl5oSjJIKe 4sfxYbnX9gdATWN/r2fnOHZfDCcd6w2iFgm6OXH6UTRTNyfBqmcTo/OXkXfZftB+ eL2BXN9K2Zrx4FKL11110NkrJUTUUySmo1bLPDUXC2VIa/K+cUTBjwU7b8c0CkA= =0prw -----END PGP SIGNATURE-----