ID CVE-2013-1485
Summary Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Per vendor Note 1 "Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)"
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-09-2017 - 01:36)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2015-04-20T04:01:13.265-04:00
class vulnerability
contributors
  • name Ganesh Manal
    organization Hewlett-Packard
  • name Sushant Kumar Singh
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
family unix
id oval:org.mitre.oval:def:19388
status accepted
submitted 2013-11-22T11:43:28.000-05:00
title HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
version 48
redhat via4
rpms
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-demo-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-devel-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.7.1.el5_9
  • java-1.7.0-openjdk-src-1:1.7.0.9-2.3.7.1.el6_3
  • java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el5_9
  • java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el6_3
  • java-1.7.0-oracle-devel-1:1.7.0.15-1jpp.1.el5_9
  • java-1.7.0-oracle-devel-1:1.7.0.15-1jpp.1.el6_3
  • java-1.7.0-oracle-javafx-1:1.7.0.15-1jpp.1.el5_9
  • java-1.7.0-oracle-javafx-1:1.7.0.15-1jpp.1.el6_3
  • java-1.7.0-oracle-jdbc-1:1.7.0.15-1jpp.1.el5_9
  • java-1.7.0-oracle-jdbc-1:1.7.0.15-1jpp.1.el6_3
  • java-1.7.0-oracle-plugin-1:1.7.0.15-1jpp.1.el5_9
  • java-1.7.0-oracle-plugin-1:1.7.0.15-1jpp.1.el6_3
  • java-1.7.0-oracle-src-1:1.7.0.15-1jpp.1.el5_9
  • java-1.7.0-oracle-src-1:1.7.0.15-1jpp.1.el6_3
  • java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-demo-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-devel-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-jdbc-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-plugin-1:1.7.0.4.0-1jpp.2.el6_4
  • java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el5_9
  • java-1.7.0-ibm-src-1:1.7.0.4.0-1jpp.2.el6_4
refmap via4
cert TA13-051A
confirm
gentoo GLSA-201406-32
hp
  • HPSBMU02874
  • HPSBUX02857
  • SSRT101103
  • SSRT101184
mandriva MDVSA-2013:095
misc http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
ubuntu USN-1735-1
Last major update 19-09-2017 - 01:36
Published 20-02-2013 - 21:55
Last modified 19-09-2017 - 01:36
Back to Top