Published: 18/06/2013 Updated: 13/05/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and previous versions and 6 Update 45 and previous versions; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and previous versions and R28.2.7 and previous versions; and OpenJDK 7 allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote malicious users to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun jdk 1.6.0
oracle jdk 1.6.0
oracle jre 1.7.0
oracle openjdk 1.7.0
oracle jrockit

Several security issues were fixed in OpenJDK 6 ...

IcedTea Web updated to work with new OpenJDK 7 ...

Several security issues were fixed in OpenJDK 7 ...

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service For the oldstable distribution (squeeze), these problems have been fixed in version 6b27-1126-1~deb6u1 For the stable dis ...

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service For the stable distribution (wheezy), these problems have been fixed in version 7u25-2310-1~deb7u1 In addition icedtea-we ...

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE- ...

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html https://bugzilla.redhat.com/show_bug.cgi?id=975126 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html http://secunia.com/advisories/54154 http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.us-cert.gov/ncas/alerts/TA13-169A http://marc.info/?l=bugtraq&m=137545592101387&w=2 http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 http://advisories.mageia.org/MGASA-2013-0185.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.vmware.com/security/advisories/VMSA-2014-0012.html http://seclists.org/fulldisclosure/2014/Dec/23 http://www.securityfocus.com/bid/60645 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887 https://access.redhat.com/errata/RHSA-2014:0414 http://www.securityfocus.com/archive/1/534161/100/0/threaded https://nvd.nist.gov https://usn.ubuntu.com/1908-1/

CVE-2013-2461

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect