Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2013-2407
HistoryJun 18, 2013 - 12:00 a.m.

CVE-2013-2407

2013-06-1800:00:00
ubuntu.com
ubuntu.com
32

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS

0.089

Percentile

94.6%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component
in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and
OpenJDK 7, allows remote attackers to affect confidentiality and
availability via unknown vectors related to Libraries. NOTE: the previous
information is from the June 2013 CPU. Oracle has not commented on claims
from another vendor that this issue is related to “XML security and the
class loader.”

Notes

Author Note
mdeslaur in lucid+, NetX and the plugin moved to the icedtea-web package
jdstrand sun-java6 is not redistributable, no longer in the archive and no longer tracked sun-java5 is EOL upstream and no longer tracked as of 2013-06-19, upstream IcedTea updates are not available updates break the icedtea-web plugin and it will need this fix: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023745.html
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchopenjdk-6< 6b27-1.12.6-1ubuntu0.10.04.1UNKNOWN
ubuntu12.04noarchopenjdk-6< 6b27-1.12.6-1ubuntu0.12.04.1UNKNOWN
ubuntu12.10noarchopenjdk-6< 6b27-1.12.6-1ubuntu0.12.10.2UNKNOWN
ubuntu13.04noarchopenjdk-6< 6b27-1.12.6-1ubuntu0.13.04.2UNKNOWN
ubuntu12.04noarchopenjdk-7< 7u25-2.3.10-1ubuntu0.12.04.2UNKNOWN
ubuntu12.10noarchopenjdk-7< 7u25-2.3.10-1ubuntu0.12.10.2UNKNOWN
ubuntu13.04noarchopenjdk-7< 7u25-2.3.10-1ubuntu0.13.04.2UNKNOWN

Related

ibm 20
prion 1
nvd 1
cve 1
veracode 11
cvelist 1
openvas 41
nessus 47
amazon 2
oraclelinux 3
redhat 9
centos 3
suse 8
debian 2
mageia 2
ubuntu 3
securityvulns 1
oracle 1
gentoo 2
osv 1
ibm
ibm
Security Bulletin: IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway can be affected by vulnerabilities in the Websphere IBM Java Runtime Environment (CVE-2013-2407)
2022-09-25 21:06:56
Security Bulletin: IBM SPSS Modeler - XML (CVE-2013-2407)
2022-09-25 21:06:56
Security Bulletin: Multiple IBM Java SDK security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4002 and CVE-2013-2407)
2022-09-25 23:09:27
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
nvd
nvd
CVE-2013-2407
2013-06-18 22:55:01
cve
cve
CVE-2013-2407
2013-06-18 22:55:01
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:30
Memory Corruption
2019-05-02 04:46:31
Privilege Escalation
2019-05-02 04:46:30
cvelist
cvelist
CVE-2013-2407
2013-06-18 22:00:00
openvas
openvas
Oracle Java SE Multiple Vulnerabilities -04 June 13 (Windows)
2013-06-24 00:00:00
Oracle Java SE Multiple Vulnerabilities -04 (Jun 2013) - Windows
2013-06-24 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2013:1014-01
2013-07-05 00:00:00
nessus
nessus
Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)
2014-08-22 00:00:00
CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1014)
2013-07-05 00:00:00
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)
2013-07-12 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:0958) Important: java-1.7.0-openjdk security update
2013-06-19 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:46:44
java security update
2013-06-20 06:43:01
suse
suse
Security update for java-1_6_0-openjdk (important)
2013-07-23 22:04:14
Security update for java-1_7_0-openjdk (important)
2013-07-25 16:04:14
Security update for java-1_7_0-ibm (important)
2013-07-25 20:04:17
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:11:57
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:52:23
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
IcedTea Web update
2013-07-16 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00
osv
osv
java-1_7_0-openjdk-1.7.0.121-1.1 on GA media
2024-06-15 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS

0.089

Percentile

94.6%

JSON
Related for UB:CVE-2013-2407
ibm20prion1nvd1cve1veracode11cvelist1openvas41nessus47amazon2oraclelinux3redhat9centos3suse8debian2mageia2ubuntu3securityvulns1oracle1gentoo2osv1