Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-2461
HistoryJun 18, 2013 - 10:55 p.m.

CVE-2013-2461

2013-06-1822:55:02
[email protected]
web.nvd.nist.gov
133
cve-2013-2461
java
jre
oracle
remote attack
confidentiality
integrity
availability
vulnerability
openjdk
jrockit
fusion middleware

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.683 Medium

EPSS

Percentile

98.0%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a “Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm.”

Affected configurations

NVD
Node
oraclejdkMatch1.6.0update22
OR
oraclejdkMatch1.6.0update23
OR
oraclejdkMatch1.6.0update24
OR
oraclejdkMatch1.6.0update25
OR
oraclejdkMatch1.6.0update26
OR
oraclejdkMatch1.6.0update27
OR
oraclejdkMatch1.6.0update29
OR
oraclejdkMatch1.6.0update30
OR
oraclejdkMatch1.6.0update31
OR
oraclejdkMatch1.6.0update32
OR
oraclejdkMatch1.6.0update33
OR
oraclejdkMatch1.6.0update34
OR
oraclejdkMatch1.6.0update35
OR
oraclejdkMatch1.6.0update37
OR
oraclejdkMatch1.6.0update38
OR
oraclejdkMatch1.6.0update39
OR
oraclejdkMatch1.6.0update41
OR
oraclejdkMatch1.6.0update43
OR
sunjdkMatch1.6.0
OR
sunjdkMatch1.6.0update_10
OR
sunjdkMatch1.6.0update_11
OR
sunjdkMatch1.6.0update_12
OR
sunjdkMatch1.6.0update_13
OR
sunjdkMatch1.6.0update_14
OR
sunjdkMatch1.6.0update_15
OR
sunjdkMatch1.6.0update_16
OR
sunjdkMatch1.6.0update_17
OR
sunjdkMatch1.6.0update_18
OR
sunjdkMatch1.6.0update_19
OR
sunjdkMatch1.6.0update_20
OR
sunjdkMatch1.6.0update_21
OR
sunjdkMatch1.6.0update_3
OR
sunjdkMatch1.6.0update_4
OR
sunjdkMatch1.6.0update_5
OR
sunjdkMatch1.6.0update_6
OR
sunjdkMatch1.6.0update_7
OR
sunjdkMatch1.6.0update1
OR
sunjdkMatch1.6.0update1_b06
OR
sunjdkMatch1.6.0update2
Node
oraclejreMatch1.7.0
OR
oraclejreMatch1.7.0update1
OR
oraclejreMatch1.7.0update10
OR
oraclejreMatch1.7.0update11
OR
oraclejreMatch1.7.0update13
OR
oraclejreMatch1.7.0update15
OR
oraclejreMatch1.7.0update17
OR
oraclejreMatch1.7.0update2
OR
oraclejreMatch1.7.0update3
OR
oraclejreMatch1.7.0update4
OR
oraclejreMatch1.7.0update5
OR
oraclejreMatch1.7.0update6
OR
oraclejreMatch1.7.0update7
OR
oraclejreMatch1.7.0update9
Node
oraclejrockitRanger27.7.1r27.7.5
OR
oraclejrockitRanger28.0.0r28.2.7
OR
oracleopenjdkMatch1.7.0

References

Related

veracode 1
ubuntucve 1
cvelist 1
checkpoint_advisories 1
prion 1
ibm 4
nvd 1
nessus 40
openvas 35
amazon 2
redhat 5
oraclelinux 3
centos 3
suse 2
debian 2
mageia 2
ubuntu 3
securityvulns 2
oracle 3
gentoo 2
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:32
ubuntucve
ubuntucve
CVE-2013-2461
2013-06-18 00:00:00
cvelist
cvelist
CVE-2013-2461
2013-06-18 22:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java SE XML Digital Signature Spoofing (CVE-2013-2461)
2013-10-27 00:00:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
ibm
ibm
Security Bulletin: TM1 Java Untrusted data (XML)Vulnerability (CVE-2013-2461)
2018-06-15 22:26:31
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
Security Bulletin: Potential Security Vulnerabilities in Oracle Java 6 SDK affecting IBM WebSphere Multichannel Bank Transformation Toolkit version 8
2018-06-16 19:32:17
nvd
nvd
CVE-2013-2461
2013-06-18 22:55:02
nessus
nessus
Oracle JRockit R27 < R27.7.6 / R28 < R28.2.8 Unspecified Vulnerability (July 2013 CPU)
2013-08-12 00:00:00
RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1014)
2013-07-05 00:00:00
Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)
2014-08-22 00:00:00
openvas
openvas
Oracle Java SE Multiple Vulnerabilities -04 (Jun 2013) - Windows
2013-06-24 00:00:00
Oracle Java SE Multiple Vulnerabilities -04 June 13 (Windows)
2013-06-24 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-207)
2015-09-08 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:0958) Important: java-1.7.0-openjdk security update
2013-06-19 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:43:01
java security update
2013-06-20 06:46:44
suse
suse
Security update for java-1_6_0-openjdk (important)
2013-07-23 22:04:14
Security update for java-1_7_0-openjdk (important)
2013-07-25 16:04:14
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:11:57
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:52:23
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-08-12 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

6.2 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.683 Medium

EPSS

Percentile

98.0%

JSON
Related for CVE-2013-2461
veracode1ubuntucve1cvelist1checkpoint_advisories1prion1ibm4nvd1nessus40openvas35amazon2redhat5oraclelinux3centos3suse2debian2mageia2ubuntu3securityvulns2oracle3gentoo2