Vulnerability CVE-2013-2460
Published: 2013-06-18   Modified: 2013-06-19

Description:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component.

See advisories in our WLB2 database:
Topic
Author
Date
High
Java Applet ProviderSkeleton Insecure Invoke Method
Matthias Kaiser
27.06.2013

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Oracle -> JDK 
Oracle -> JRE 

 References:
http://www.us-cert.gov/ncas/alerts/TA13-169A
https://bugzilla.redhat.com/show_bug.cgi?id=975122
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://secunia.com/advisories/54154
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19129
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:17116
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a
http://advisories.mageia.org/MGASA-2013-0185.html
Copyright 2024, cxsecurity.com

 

Back to Top