CVE-2013-2449

{"id": "CVE-2013-2449", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-06-18T22:55:02.473", "references": [{"url": "http://advisories.mageia.org/MGASA-2013-0185.html", "source": "secalert_us@oracle.com"}, {"url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html", "source": "secalert_us@oracle.com"}, {"url": "http://secunia.com/advisories/54154", "source": "secalert_us@oracle.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "source": "secalert_us@oracle.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", "source": "secalert_us@oracle.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/ncas/alerts/TA13-169A", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=975145", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17192", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18717", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path."}, {"lang": "es", "value": "La vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versi\u00f3n 7 Update 21 y anteriores, y OpenJDK versi\u00f3n 7 de Oracle, permite a los atacantes remotos afectar a la confidencialidad por medio de vectores desconocidos relacionados con Libraries. NOTA: la informaci\u00f3n previa es de la CPU de junio de 2013. Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema est\u00e1 relacionado con GnomeFileTypeDetector y una falta de comprobaci\u00f3n para los permisos de lectura de una ruta (path)."}], "lastModified": "2017-09-19T01:36:20.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:*:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42F9C9BD-C6F4-4E9B-B5BE-A776259B5A3F", "versionEndIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B5B98B-0E41-4397-8AB0-C18C6F10AED1"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:*:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E84798AA-D2D0-49C7-BB4D-A331E5FDCF49", "versionEndIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FA1990D-BBC2-429C-872C-6150459516B1"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC2887E-610B-42FE-9A96-1E2F01BF17A3"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "130849CD-A581-4FE6-B2AA-99134F16FE65"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html\r\n\r\n'Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.'", "sourceIdentifier": "secalert_us@oracle.com"}