admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2013/CVE-2013-24xx/CVE-2013-2415.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

396 lines
14 KiB
JSON
Raw Blame History

{
"id": "CVE-2013-2415",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2013-04-17T18:55:06.827",
"lastModified": "2024-11-21T01:51:38.773",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"processing of MTOM attachments\" and the creation of temporary files with weak permissions."
},
{
"lang": "es",
"value": "La vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versi\u00f3n 7 Update 17 y anteriores, y OpenJDK versiones 6 y 7 de Oracle, permite a los usuarios locales afectar a la confidencialidad por medio de vectores relacionados con JAX-WS. NOTA: la informaci\u00f3n anterior procede de la CPU de abril de 2013. Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema est\u00e1 relacionado con el \"processing of MTOM attachments\" y la creaci\u00f3n de archivos temporales con permisos d\u00e9biles."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"baseScore": 2.1,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:*:update17:*:*:*:*:*:*",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "9CBAECF5-3BFA-425A-A43F-8AEC3489A70F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*",
"matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*",
"matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*",
"matchCriteriaId": "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*",
"matchCriteriaId": "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*",
"matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*",
"matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*",
"matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*",
"matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*",
"matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:*:update17:*:*:*:*:*:*",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "D80851A9-BF3D-44EB-897A-5E992B98DBE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*",
"matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*",
"matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*",
"matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*",
"matchCriteriaId": "7FA1990D-BBC2-429C-872C-6150459516B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*",
"matchCriteriaId": "8DC2887E-610B-42FE-9A96-1E2F01BF17A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*",
"matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*",
"matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*",
"matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*",
"matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*",
"matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*",
"matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*",
"matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1"
}
]
}
]
}
],
"references": [
{
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"source": "secalert_us@oracle.com"
},
{
"url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"source": "secalert_us@oracle.com"
},
{
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba",
"source": "secalert_us@oracle.com"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html",
"source": "secalert_us@oracle.com"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html",
"source": "secalert_us@oracle.com"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html",
"source": "secalert_us@oracle.com"
},
{
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html",
"source": "secalert_us@oracle.com"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html",
"source": "secalert_us@oracle.com"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html",
"source": "secalert_us@oracle.com"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml",
"source": "secalert_us@oracle.com"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145",
"source": "secalert_us@oracle.com"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"source": "secalert_us@oracle.com"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161",
"source": "secalert_us@oracle.com"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-1806-1",
"source": "secalert_us@oracle.com"
},
{
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A",
"source": "secalert_us@oracle.com",
"tags": [
"US Government Resource"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952389",
"source": "secalert_us@oracle.com"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011",
"source": "secalert_us@oracle.com"
},
{
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"source": "secalert_us@oracle.com"
},
{
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"source": "secalert_us@oracle.com"
},
{
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282ba",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-1806-1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952389",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
],
"evaluatorComment": "4.Applies to client and server deployment of Java. This issue cannot be exploited by untrusted applets and Java Web Start applications. Local access is required to leverage this issue.\r\n \r\n"
}
Reference in New Issue View Git Blame Copy Permalink