{ "id": "CVE-2013-2415", "sourceIdentifier": "secalert_us@oracle.com", "published": "2013-04-17T18:55:06.827", "lastModified": "2024-11-21T01:51:38.773", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"processing of MTOM attachments\" and the creation of temporary files with weak permissions." }, { "lang": "es", "value": "La vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versi\u00f3n 7 Update 17 y anteriores, y OpenJDK versiones 6 y 7 de Oracle, permite a los usuarios locales afectar a la confidencialidad por medio de vectores relacionados con JAX-WS. NOTA: la informaci\u00f3n anterior procede de la CPU de abril de 2013. Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema est\u00e1 relacionado con el \"processing of MTOM attachments\" y la creaci\u00f3n de archivos temporales con permisos d\u00e9biles." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 2.1, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:*:update17:*:*:*:*:*:*", "versionEndIncluding": "1.7.0", "matchCriteriaId": "9CBAECF5-3BFA-425A-A43F-8AEC3489A70F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", "matchCriteriaId": "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", "matchCriteriaId": "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:*:update17:*:*:*:*:*:*", "versionEndIncluding": "1.7.0", "matchCriteriaId": "D80851A9-BF3D-44EB-897A-5E992B98DBE1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*", "matchCriteriaId": "7FA1990D-BBC2-429C-872C-6150459516B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*", "matchCriteriaId": "8DC2887E-610B-42FE-9A96-1E2F01BF17A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1" } ] } ] } ], "references": [ { "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", "source": "secalert_us@oracle.com" }, { "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", "source": "secalert_us@oracle.com" }, { "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba", "source": "secalert_us@oracle.com" }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html", "source": "secalert_us@oracle.com" }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html", "source": "secalert_us@oracle.com" }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html", "source": "secalert_us@oracle.com" }, { "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html", "source": "secalert_us@oracle.com" }, { "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html", "source": "secalert_us@oracle.com" }, { "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html", "source": "secalert_us@oracle.com" }, { "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "source": "secalert_us@oracle.com" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145", "source": "secalert_us@oracle.com" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "source": "secalert_us@oracle.com" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161", "source": "secalert_us@oracle.com" }, { "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "source": "secalert_us@oracle.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.ubuntu.com/usn/USN-1806-1", "source": "secalert_us@oracle.com" }, { "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A", "source": "secalert_us@oracle.com", "tags": [ "US Government Resource" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952389", "source": "secalert_us@oracle.com" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011", "source": "secalert_us@oracle.com" }, { "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", "source": "secalert_us@oracle.com" }, { "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", "source": "secalert_us@oracle.com" }, { "url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.ubuntu.com/usn/USN-1806-1", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952389", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", "source": "af854a3a-2127-422b-91ae-364da2661108" } ], "evaluatorComment": "4.Applies to client and server deployment of Java. This issue cannot be exploited by untrusted applets and Java Web Start applications. Local access is required to leverage this issue.\r\n \r\n" }