CVE-2013-2461

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 19-06-2013 12:55

Last modified: - 13-05-2022 04:35

Total changes: - 2

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Privileges required

Scope

User interaction

7.5

Base score

10.0

6.4

Exploitability score

Impact score

Verification logic

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_4

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_7

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_19

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_13

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_3

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_11

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_10

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_14

vendor=sun AND product=jdk AND version=1.6.0

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_17

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update31

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update32

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update33

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_12

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_15

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update29

vendor=sun AND product=jdk AND version=1.6.0 AND update=update1_b06

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update22

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update23

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update24

vendor=sun AND product=jdk AND version=1.6.0 AND update=update1

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_20

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_21

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_5

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update25

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update27

vendor=sun AND product=jdk AND version=1.6.0 AND update=update2

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_16

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_18

vendor=sun AND product=jdk AND version=1.6.0 AND update=update_6

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update30

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update34

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update26

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update37

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update39

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update41

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update43

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update35

vendor=oracle AND product=jdk AND version=1.6.0 AND update=update38

vendor=oracle AND product=jre AND version=1.7.0 AND update=update9

vendor=oracle AND product=jre AND version=1.7.0 AND update=update15

vendor=oracle AND product=jre AND version=1.7.0 AND update=update6

vendor=oracle AND product=jre AND version=1.7.0 AND update=update3

vendor=oracle AND product=jre AND version=1.7.0 AND update=update13

vendor=oracle AND product=jre AND version=1.7.0 AND update=update10

vendor=oracle AND product=jre AND version=1.7.0 AND update=update11

vendor=oracle AND product=jre AND version=1.7.0 AND update=update2

vendor=oracle AND product=jre AND version=1.7.0 AND update=update5

vendor=oracle AND product=jre AND version=1.7.0 AND update=update4

vendor=oracle AND product=jre AND version=1.7.0 AND update=update1

vendor=oracle AND product=jre AND version=1.7.0

vendor=oracle AND product=jre AND version=1.7.0 AND update=update7

vendor=oracle AND product=jre AND version=1.7.0 AND update=update17

vendor=oracle AND product=openjdk AND version=1.7.0

vendor=oracle AND product=jrockit AND versionEndIncluding=r27.7.5 AND versionStartIncluding=r27.7.1

vendor=oracle AND product=jrockit AND versionEndIncluding=r28.2.7 AND versionStartIncluding=r28.0.0

Reference

http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
https://bugzilla.redhat.com/show_bug.cgi?id=975126
RHSA-2013:0963-Third Party Advisory
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
54154-Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
TA13-169A-Third Party Advisory, US Government Resource
HPSBUX02908-Mailing List, Third Party Advisory
HPSBUX02907-Mailing List, Third Party Advisory
MDVSA-2013:183-Third Party Advisory
http://advisories.mageia.org/MGASA-2013-0185.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
GLSA-201406-32-Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities-Mailing List, Third Party Advisory
60645-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:19582-Third Party Advisory
oval:org.mitre.oval:def:19565-Third Party Advisory
oval:org.mitre.oval:def:16887-Third Party Advisory
RHSA-2014:0414-Third Party Advisory
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities-Third Party Advisory, VDB Entry

Keywords

CVE-2013-2461

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2013-2461

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures