ID CVE-2013-0449
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-09-2017 - 01:35)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2013-06-10T04:01:19.934-04:00
    class vulnerability
    contributors
    name Sergey Artykhov
    organization ALTX-SOFT
    definition_extensions
    comment Java SE Runtime Environment 7 is installed
    oval oval:org.mitre.oval:def:16050
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
    family windows
    id oval:org.mitre.oval:def:16610
    status accepted
    submitted 2013-04-22T10:26:26.748+04:00
    title Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
    version 5
  • accepted 2015-04-20T04:00:54.855-04:00
    class vulnerability
    contributors
    • name Ganesh Manal
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
    family unix
    id oval:org.mitre.oval:def:19123
    status accepted
    submitted 2013-11-22T11:43:28.000-05:00
    title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
    version 47
redhat via4
advisories
rhsa
id RHSA-2013:0237
rpms
  • java-1.7.0-oracle-1:1.7.0.13-1jpp.1.el5_9
  • java-1.7.0-oracle-1:1.7.0.13-1jpp.3.el6_3
  • java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.1.el5_9
  • java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.3.el6_3
  • java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.1.el5_9
  • java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.3.el6_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.1.el5_9
  • java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.3.el6_3
  • java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.1.el5_9
  • java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.3.el6_3
  • java-1.7.0-oracle-src-1:1.7.0.13-1jpp.1.el5_9
  • java-1.7.0-oracle-src-1:1.7.0.13-1jpp.3.el6_3
  • java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el6_4
refmap via4
cert TA13-032A
cert-vn VU#858729
confirm http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
hp
  • HPSBMU02874
  • HPSBUX02857
  • SSRT101103
  • SSRT101184
Last major update 19-09-2017 - 01:35
Published 02-02-2013 - 00:55
Last modified 19-09-2017 - 01:35
Back to Top