7.5

CVE-2013-2461

EPSS 64.06%
Veröffentlicht 18.06.2013 22:55:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.  NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Jdk Version1.6.0 Updateupdate22

Oracle ≫ Jdk Version1.6.0 Updateupdate23

Oracle ≫ Jdk Version1.6.0 Updateupdate24

Oracle ≫ Jdk Version1.6.0 Updateupdate25

Oracle ≫ Jdk Version1.6.0 Updateupdate26

Oracle ≫ Jdk Version1.6.0 Updateupdate27

Oracle ≫ Jdk Version1.6.0 Updateupdate29

Oracle ≫ Jdk Version1.6.0 Updateupdate30

Oracle ≫ Jdk Version1.6.0 Updateupdate31

Oracle ≫ Jdk Version1.6.0 Updateupdate32

Oracle ≫ Jdk Version1.6.0 Updateupdate33

Oracle ≫ Jdk Version1.6.0 Updateupdate34

Oracle ≫ Jdk Version1.6.0 Updateupdate35

Oracle ≫ Jdk Version1.6.0 Updateupdate37

Oracle ≫ Jdk Version1.6.0 Updateupdate38

Oracle ≫ Jdk Version1.6.0 Updateupdate39

Oracle ≫ Jdk Version1.6.0 Updateupdate41

Oracle ≫ Jdk Version1.6.0 Updateupdate43

Sun ≫ Jdk Version1.6.0

Sun ≫ Jdk Version1.6.0 Updateupdate_10

Sun ≫ Jdk Version1.6.0 Updateupdate_11

Sun ≫ Jdk Version1.6.0 Updateupdate_12

Sun ≫ Jdk Version1.6.0 Updateupdate_13

Sun ≫ Jdk Version1.6.0 Updateupdate_14

Sun ≫ Jdk Version1.6.0 Updateupdate_15

Sun ≫ Jdk Version1.6.0 Updateupdate_16

Sun ≫ Jdk Version1.6.0 Updateupdate_17

Sun ≫ Jdk Version1.6.0 Updateupdate_18

Sun ≫ Jdk Version1.6.0 Updateupdate_19

Sun ≫ Jdk Version1.6.0 Updateupdate_20

Sun ≫ Jdk Version1.6.0 Updateupdate_21

Sun ≫ Jdk Version1.6.0 Updateupdate_3

Sun ≫ Jdk Version1.6.0 Updateupdate_4

Sun ≫ Jdk Version1.6.0 Updateupdate_5

Sun ≫ Jdk Version1.6.0 Updateupdate_6

Sun ≫ Jdk Version1.6.0 Updateupdate_7

Sun ≫ Jdk Version1.6.0 Updateupdate1

Sun ≫ Jdk Version1.6.0 Updateupdate1_b06

Sun ≫ Jdk Version1.6.0 Updateupdate2

Oracle ≫ Jre Version1.7.0

Oracle ≫ Jre Version1.7.0 Updateupdate1

Oracle ≫ Jre Version1.7.0 Updateupdate10

Oracle ≫ Jre Version1.7.0 Updateupdate11

Oracle ≫ Jre Version1.7.0 Updateupdate13

Oracle ≫ Jre Version1.7.0 Updateupdate15

Oracle ≫ Jre Version1.7.0 Updateupdate17

Oracle ≫ Jre Version1.7.0 Updateupdate2

Oracle ≫ Jre Version1.7.0 Updateupdate3

Oracle ≫ Jre Version1.7.0 Updateupdate4

Oracle ≫ Jre Version1.7.0 Updateupdate5

Oracle ≫ Jre Version1.7.0 Updateupdate6

Oracle ≫ Jre Version1.7.0 Updateupdate7

Oracle ≫ Jre Version1.7.0 Updateupdate9

Oracle ≫ Jrockit Version >= r27.7.1 <= r27.7.5

Oracle ≫ Jrockit Version >= r28.0.0 <= r28.2.7

Oracle ≫ Openjdk Version1.7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	64.06%	0.982

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Vendor Advisory

http://security.gentoo.org/glsa/glsa-201406-32.xml

Third Party Advisory

http://seclists.org/fulldisclosure/2014/Dec/23

Third Party Advisory

Mailing List

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Vendor Advisory

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Third Party Advisory

http://marc.info/?l=bugtraq&m=137545592101387&w=2

Third Party Advisory

Mailing List

http://advisories.mageia.org/MGASA-2013-0185.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0963.html

Third Party Advisory

http://secunia.com/advisories/54154

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:183

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Vendor Advisory

http://www.us-cert.gov/ncas/alerts/TA13-169A

Third Party Advisory

US Government Resource

https://access.redhat.com/errata/RHSA-2014:0414

Third Party Advisory

http://marc.info/?l=bugtraq&m=137545505800971&w=2

Third Party Advisory

Mailing List

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Vendor Advisory

http://www.securityfocus.com/bid/60645

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=975126

Third Party Advisory

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-2461

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2461

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2461

EUVD