Lucene search

K

[email protected]NVD:CVE-2013-2458

HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2458

2013-06-1822:55:02

[email protected]

web.nvd.nist.gov

1

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

75.2%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via “an error related to method handles.”

Affected configurations

NVD

Node

oraclejreRange≤1.7.0update21

OR

oraclejreMatch1.7.0

OR

oraclejreMatch1.7.0update1

OR

oraclejreMatch1.7.0update10

OR

oraclejreMatch1.7.0update11

OR

oraclejreMatch1.7.0update13

OR

oraclejreMatch1.7.0update15

OR

oraclejreMatch1.7.0update17

OR

oraclejreMatch1.7.0update2

OR

oraclejreMatch1.7.0update3

OR

oraclejreMatch1.7.0update4

OR

oraclejreMatch1.7.0update5

OR

oraclejreMatch1.7.0update6

OR

oraclejreMatch1.7.0update7

OR

oraclejreMatch1.7.0update9

Node

oraclejdkRange≤1.7.0update21

OR

oraclejdkMatch1.7.0

OR

oraclejdkMatch1.7.0update1

OR

oraclejdkMatch1.7.0update10

OR

oraclejdkMatch1.7.0update11

OR

oraclejdkMatch1.7.0update13

OR

oraclejdkMatch1.7.0update15

OR

oraclejdkMatch1.7.0update17

OR

oraclejdkMatch1.7.0update2

OR

oraclejdkMatch1.7.0update3

OR

oraclejdkMatch1.7.0update4

OR

oraclejdkMatch1.7.0update5

OR

oraclejdkMatch1.7.0update6

OR

oraclejdkMatch1.7.0update7

OR

oraclejdkMatch1.7.0update9

References

advisories.mageia.org/MGASA-2013-0185.html

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/9efb5fb77027

lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

marc.info/?l=bugtraq&m=137545505800971&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1060.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.us-cert.gov/ncas/alerts/TA13-169A

bugzilla.redhat.com/show_bug.cgi?id=975130

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17069

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19709

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

75.2%

Related for NVD:CVE-2013-2458

ubuntucve1 veracode1 cvelist1 cve1 prion1 openvas26 redhat4 nessus30 centos2 oraclelinux2 mageia1 amazon1 suse3 debian1 ubuntu3 securityvulns1 ibm14 gentoo2