CVE-2013-2461

Published Jun 18, 2013

Last updated 3 years ago

CVSS info 7.5

Overview

Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
Source: secalert_us@oracle.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Evaluator

Comment: Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html 'Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.'
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "301E96A3-AD2F-48F3-9166-571BD6F9FAE3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C9215D9-DB64-4CEE-85E6-E247035EFB09"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "352509FE-54D9-4A59-98B7-96E5E98BC2CF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3EC13D3-4CE7-459C-A7D7-7D38C1284720"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CDCD1B4-C5F3-4188-B05F-23922F7DE517"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1824DA2D-26D5-4595-8376-8E41AB8C5E52"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B72F78B7-10D1-49CF-AC4D-3B10921CB633"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60D05860-9424-4727-B583-74A35BC9BDFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F85DB431-FEA4-42E7-AC29-6B66174DCD9E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB7E911C-C780-440A-ABFF-CCE09061BB4F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0381EE39-2F60-49FD-A63A-B9E81C9033CB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AD75455-B7F0-4F42-98E7-CAA43787D606"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update35:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BF0FD06-3953-49AB-A9AA-ACB6883E2D2E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update37:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62823E8E-99CF-40DB-B43E-CBA4E9A2F916"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update38:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEA04B0D-D4E3-497D-9564-046B1CDA2342"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update39:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD3522AD-6CE5-43A3-A108-FBEEE4C226B7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update41:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2F3B6EB-694F-44E9-9502-8487DCEC84BB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update43:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1ED02C60-AD2E-4DAD-89DA-E978B6D6422A"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3A4FEC7-A4A0-4B5C-A56C-8F80AE19865E"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "722A93D8-B5BC-42F3-92A2-E424F61269A8"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "775F2611-F11C-4B84-8F40-0D034B81BF18"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F20FDD9F-FF45-48BC-9207-54FB02E76071"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA326F5-894A-4B01-BCA3-B126DA81CA59"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "228AB7B4-4BA4-43D4-B562-D438884DB152"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD5C688-2103-4D60-979E-D9BE69A989C3"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21421215-F722-4207-A2E5-E2DF4B29859B"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFB9EA23-0EF7-4582-A265-3F5AA9EC81B0"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C367B418-659E-4627-B1F1-1B1216C99055"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD5E6D4E-DDDD-4B45-B5E9-F8A916287AF9"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7358492A-491C-491E-AEDF-63CB82619BAA"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3DACAAF-AFDC-4391-9E85-344F30937F76"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D98175BF-B084-4FA5-899D-9E80DC3923EE"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "820632CE-F8DF-47EE-B716-7530E60008B7"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA2BD0A3-7B2D-447B-ABAC-7B867B03B632"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D54AB785-E9B7-47BD-B756-0C3A629D67DD"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9412098-0353-4F7B-9245-010557E6C651"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD30DAEB-4893-41CF-A455-B69C463B9337"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D6CE7E-A036-496C-8E08-A87F62B5290A"
          },
          {
            "criteria": "cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8F93BBE-1E8C-4EB3-BCC7-20AB2D813F98"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37B5B98B-0E41-4397-8AB0-C18C6F10AED1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C8723BA-8042-4E0B-94D5-558137D289E1",
            "versionEndIncluding": "r27.7.5",
            "versionStartIncluding": "r27.7.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CCF03EA-0C82-4B39-A995-DBF760864191",
            "versionEndIncluding": "r28.2.7",
            "versionStartIncluding": "r28.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "662D4C81-DD97-4A36-8F15-CCE6ADA6456E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References