Lucene search

K

[email protected]CVE-2013-2453

HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2453

2013-06-1822:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

70

cve-2013-2453

java

jre

oracle

security

vulnerability

cve

5.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for “package access” by the MBeanServer Introspector.

CPENameOperatorVersion
oracle:jreoracle jreeq1.7.0
oracle:jdkoracle jdkeq1.7.0
sun:jresun jreeq1.6.0
oracle:jreoracle jreeq1.6.0
sun:jdksun jdkeq1.6.0
oracle:jdkoracle jdkeq1.6.0

References

advisories.mageia.org/MGASA-2013-0185.html

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c14aa930b032

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

marc.info/?l=bugtraq&m=137545505800971&w=2

marc.info/?l=bugtraq&m=137545592101387&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1060.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.securityfocus.com/bid/60644

www.us-cert.gov/ncas/alerts/TA13-169A

access.redhat.com/errata/RHSA-2014:0414

bugzilla.redhat.com/show_bug.cgi?id=975134

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16545

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19588

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19611

5.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

Related for CVE-2013-2453

prion1 veracode11 cvelist1 ubuntucve1 openvas41 nessus46 redhat9 oraclelinux3 centos3 amazon2 mageia2 debian2 suse8 ubuntu3 ibm14 securityvulns1 gentoo2