CVE-2013-0449 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throug

CVE-2013-0449

Summary

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"

References

Vulnerable Configurations

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-09-2017 - 01:35)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2013-06-10T04:01:19.934-04:00

class

vulnerability

contributors

name	Sergey Artykhov
organization	ALTX-SOFT

definition_extensions

comment	Java SE Runtime Environment 7 is installed
oval	oval:org.mitre.oval:def:16050

description

family

windows

oval:org.mitre.oval:def:16610

status

accepted

submitted

2013-04-22T10:26:26.748+04:00

title

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

version

accepted

2015-04-20T04:00:54.855-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19123

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities

version

redhat via4

advisories

rhsa

id	RHSA-2013:0237

rpms

java-1.7.0-oracle-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-devel-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-javafx-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-jdbc-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-plugin-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-oracle-src-1:1.7.0.13-1jpp.1.el5_9
java-1.7.0-oracle-src-1:1.7.0.13-1jpp.3.el6_3
java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el6_4
java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el5_9
java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el6_4

refmap via4

cert	TA13-032A
cert-vn	VU#858729
confirm	http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
hp	HPSBMU02874 HPSBUX02857 SSRT101103 SSRT101184

Last major update

19-09-2017 - 01:35

Published

02-02-2013 - 00:55

Last modified

19-09-2017 - 01:35