Lucene search

[email protected]CVE-2013-2460

HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2460

2013-06-1822:55:02

[email protected]

web.nvd.nist.gov

cve-2013-2460

oracle

java

vulnerability

jre

remote attackers

confidentiality

integrity

availability

openjdk

serviceability

bypass

sandbox

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to “insufficient access checks” in the tracing component.

Affected configurations

NVD

Node

oraclejreRange≤1.7.0update21

oraclejreMatch1.7.0

oraclejreMatch1.7.0update1

oraclejreMatch1.7.0update10

oraclejreMatch1.7.0update11

oraclejreMatch1.7.0update13

oraclejreMatch1.7.0update15

oraclejreMatch1.7.0update17

oraclejreMatch1.7.0update2

oraclejreMatch1.7.0update3

oraclejreMatch1.7.0update4

oraclejreMatch1.7.0update5

oraclejreMatch1.7.0update6

oraclejreMatch1.7.0update7

oraclejreMatch1.7.0update9

Node

oraclejdkRange≤1.7.0update21

oraclejdkMatch1.7.0

oraclejdkMatch1.7.0update1

oraclejdkMatch1.7.0update10

oraclejdkMatch1.7.0update11

oraclejdkMatch1.7.0update13

oraclejdkMatch1.7.0update15

oraclejdkMatch1.7.0update17

oraclejdkMatch1.7.0update2

oraclejdkMatch1.7.0update3

oraclejdkMatch1.7.0update4

oraclejdkMatch1.7.0update5

oraclejdkMatch1.7.0update6

oraclejdkMatch1.7.0update7

oraclejdkMatch1.7.0update9

CPENameOperatorVersion
oracle:jreoracle jrele1.7.0

CPE	Name	Operator	Version
oracle:jre	oracle jre	le	1.7.0

References

advisories.mageia.org/MGASA-2013-0185.html

hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a

lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

marc.info/?l=bugtraq&m=137545505800971&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1060.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.us-cert.gov/ncas/alerts/TA13-169A

bugzilla.redhat.com/show_bug.cgi?id=975122

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17116

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19129

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

CVE-2013-2460

Affected configurations

References

Related