Lucene search

[email protected]NVD:CVE-2013-2415

HistoryApr 17, 2013 - 6:55 p.m.

CVE-2013-2415

2013-04-1718:55:06

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to “processing of MTOM attachments” and the creation of temporary files with weak permissions.

Affected configurations

NVD

Node

oraclejreRange≤1.7.0update17

oraclejreMatch1.7.0

oraclejreMatch1.7.0update1

oraclejreMatch1.7.0update10

oraclejreMatch1.7.0update11

oraclejreMatch1.7.0update13

oraclejreMatch1.7.0update15

oraclejreMatch1.7.0update2

oraclejreMatch1.7.0update3

oraclejreMatch1.7.0update4

oraclejreMatch1.7.0update5

oraclejreMatch1.7.0update6

oraclejreMatch1.7.0update7

oraclejreMatch1.7.0update9

Node

oraclejdkRange≤1.7.0update17

oraclejdkMatch1.7.0

oraclejdkMatch1.7.0update1

oraclejdkMatch1.7.0update10

oraclejdkMatch1.7.0update11

oraclejdkMatch1.7.0update13

oraclejdkMatch1.7.0update15

oraclejdkMatch1.7.0update2

oraclejdkMatch1.7.0update3

oraclejdkMatch1.7.0update4

oraclejdkMatch1.7.0update5

oraclejdkMatch1.7.0update6

oraclejdkMatch1.7.0update7

oraclejdkMatch1.7.0update9

References

blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba

lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html

lists.opensuse.org/opensuse-updates/2013-05/msg00017.html

lists.opensuse.org/opensuse-updates/2013-06/msg00099.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html

rhn.redhat.com/errata/RHSA-2013-0752.html

rhn.redhat.com/errata/RHSA-2013-0757.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.mandriva.com/security/advisories?name=MDVSA-2013:145

www.mandriva.com/security/advisories?name=MDVSA-2013:150

www.mandriva.com/security/advisories?name=MDVSA-2013:161

www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

www.ubuntu.com/usn/USN-1806-1

www.us-cert.gov/ncas/alerts/TA13-107A

bugzilla.redhat.com/show_bug.cgi?id=952389

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for NVD:CVE-2013-2415

cve2 prion2 ubuntucve1 veracode1 cvelist2 nvd1 ibm15 openvas31 nessus35 centos3 suse1 ubuntu2 redhat5 oraclelinux3 fedora3 amazon2 securityvulns1 oracle1 gentoo2