You are here

Oracle Critical Patch Update - Java SE 7 Update 13

IDs: 
CB-K13/0083, CVE-2013-0437, CVE-2013-1478, CVE-2013-0442, CVE-2013-0445, CVE-2013-1480, CVE-2013-0440, CVE-2013-0443, ...
Keywords: 
Java
Description: 

Oracle released the Critical Patch Update Java SE7 Update 13 to fix multiple vulnerabilities in Java 7 Update 11 and previous versions [1]. The affected Java components are:

2D, AWT, Beans, CORBA, Deployment, Install, JavaFX, JAXP, JAX-WS, JMX, JSSE, Libraries, Networking, RMI, Scripting, Sound

Airlock is not affected by any of the listed vulnerabilities because:

  • Vulnerabilities related to "2D" [CVE-2013-0437, CVE-2013-1478] do not affect Airlock, since Airlock is not using the Java 2D API
  • Vulnerabilities related to "JSSE" [CVE-2013-0440, CVE-2013-0443] do not affect Airlock, since Java is not handling SSL/TLS communication on Airlock
  • Vulnerabilities related to "AWT" [CVE-2013-0442, CVE-2013-0445, CVE-2013-1480] do not affect Airlock, since these vulnerabilities either affect client installations only or in case of server-side attacks rely on the possibility to add or alter Java code on Airlock. This is not possible since Airlock is running Java code only from trusted sources.
  • All other vulnerabilities affect Java client installations or Java deployment only

[1] - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Resolution: 

It is strongly recommended to apply the Critical Patch Update Java SE 7 Update 13 to all Java client installations or to disable or even uninstall Java from clients.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required