FKIE_CVE-2013-2415

Vulnerability from fkie_nvd - Published: 2013-04-17 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
References
secalert_us@oracle.comhttp://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
secalert_us@oracle.comhttp://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
secalert_us@oracle.comhttp://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
secalert_us@oracle.comhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
secalert_us@oracle.comhttp://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2013-0752.html
secalert_us@oracle.comhttp://rhn.redhat.com/errata/RHSA-2013-0757.html
secalert_us@oracle.comhttp://security.gentoo.org/glsa/glsa-201406-32.xml
secalert_us@oracle.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:145
secalert_us@oracle.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:150
secalert_us@oracle.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:161
secalert_us@oracle.comhttp://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.htmlVendor Advisory
secalert_us@oracle.comhttp://www.ubuntu.com/usn/USN-1806-1
secalert_us@oracle.comhttp://www.us-cert.gov/ncas/alerts/TA13-107AUS Government Resource
secalert_us@oracle.comhttps://bugzilla.redhat.com/show_bug.cgi?id=952389
secalert_us@oracle.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011
secalert_us@oracle.comhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
secalert_us@oracle.comhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
af854a3a-2127-422b-91ae-364da2661108http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
af854a3a-2127-422b-91ae-364da2661108http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
af854a3a-2127-422b-91ae-364da2661108http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html
af854a3a-2127-422b-91ae-364da2661108http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0752.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0757.html
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201406-32.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:145
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:161
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1806-1
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/ncas/alerts/TA13-107AUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=952389
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011
af854a3a-2127-422b-91ae-364da2661108https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124
af854a3a-2127-422b-91ae-364da2661108https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130
Impacted products
Vendor Product Version
oracle jre *
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jre 1.7.0
oracle jdk *
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
oracle jdk 1.7.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jre:*:update17:*:*:*:*:*:*",
              "matchCriteriaId": "9CBAECF5-3BFA-425A-A43F-8AEC3489A70F",
              "versionEndIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:*:update17:*:*:*:*:*:*",
              "matchCriteriaId": "D80851A9-BF3D-44EB-897A-5E992B98DBE1",
              "versionEndIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*",
              "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*",
              "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*",
              "matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*",
              "matchCriteriaId": "7FA1990D-BBC2-429C-872C-6150459516B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*",
              "matchCriteriaId": "8DC2887E-610B-42FE-9A96-1E2F01BF17A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*",
              "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*",
              "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*",
              "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*",
              "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*",
              "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*",
              "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS.  NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"processing of MTOM attachments\" and the creation of temporary files with weak permissions."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versi\u00f3n 7 Update 17 y anteriores, y OpenJDK versiones 6 y 7 de Oracle, permite a los usuarios locales afectar a la confidencialidad por medio de vectores relacionados con JAX-WS. NOTA: la informaci\u00f3n anterior procede de la CPU de abril de 2013. Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema est\u00e1 relacionado con el \"processing of MTOM attachments\" y la creaci\u00f3n de archivos temporales con permisos d\u00e9biles."
    }
  ],
  "evaluatorComment": "4.Applies to client and server deployment of Java. This issue cannot be exploited by untrusted applets and Java Web Start applications. Local access is required to leverage this issue.\r\n \r\n",
  "id": "CVE-2013-2415",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-17T18:55:06.827",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.ubuntu.com/usn/USN-1806-1"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952389"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1806-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.