CVE-2013-2449

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.  NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
oraclejre
𝑥
≤ 1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejre
1.7.0
oraclejdk
𝑥
≤ 1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
oraclejdk
1.7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
lucid
Fixed 6b27-1.12.6-1ubuntu0.10.04.1
released
precise
Fixed 6b27-1.12.6-1ubuntu0.12.04.1
released
quantal
Fixed 6b27-1.12.6-1ubuntu0.12.10.2
released
raring
Fixed 6b27-1.12.6-1ubuntu0.13.04.2
released
openjdk-6b18
lucid
ignored
precise
dne
quantal
dne
raring
dne
openjdk-7
lucid
dne
precise
Fixed 7u25-2.3.10-1ubuntu0.12.04.2
released
quantal
Fixed 7u25-2.3.10-1ubuntu0.12.10.2
released
raring
Fixed 7u25-2.3.10-1ubuntu0.13.04.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
java-1_7_0-openjdk
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12 SP2
1.7.0.111-33.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_7_0-openjdk-demo
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12 SP2
1.7.0.111-33.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_7_0-openjdk-devel
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12 SP2
1.7.0.111-33.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
java-1_7_0-openjdk-headless
suse enterprise sap 12 SP5
1.7.0.231-43.27.2
fixed
suse enterprise server 12 SP2
1.7.0.111-33.1
fixed
suse enterprise server 12 SP5
1.7.0.231-43.27.2
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
java-1.7.0-ibm
RHEL 6
1:1.7.0.5.0-1jpp.2.el6_4
fixed
java-1.7.0-ibm-demo
RHEL 6
1:1.7.0.5.0-1jpp.2.el6_4
fixed
java-1.7.0-ibm-devel
RHEL 6
1:1.7.0.5.0-1jpp.2.el6_4
fixed
java-1.7.0-ibm-jdbc
RHEL 6
1:1.7.0.5.0-1jpp.2.el6_4
fixed
java-1.7.0-ibm-plugin
RHEL 6
1:1.7.0.5.0-1jpp.2.el6_4
fixed
java-1.7.0-ibm-src
RHEL 6
1:1.7.0.5.0-1jpp.2.el6_4
fixed
java-1.7.0-openjdk
RHEL 6
1:1.7.0.25-2.3.10.3.el6_4
fixed
java-1.7.0-openjdk-demo
RHEL 6
1:1.7.0.25-2.3.10.3.el6_4
fixed
java-1.7.0-openjdk-devel
RHEL 6
1:1.7.0.25-2.3.10.3.el6_4
fixed
java-1.7.0-openjdk-javadoc
RHEL 6
1:1.7.0.25-2.3.10.3.el6_4
fixed
java-1.7.0-openjdk-src
RHEL 6
1:1.7.0.25-2.3.10.3.el6_4
fixed
java-1.7.0-oracle
RHEL 6
1:1.7.0.25-1jpp.1.el6_4
fixed
java-1.7.0-oracle-devel
RHEL 6
1:1.7.0.25-1jpp.1.el6_4
fixed
java-1.7.0-oracle-javafx
RHEL 6
1:1.7.0.25-1jpp.1.el6_4
fixed
java-1.7.0-oracle-jdbc
RHEL 6
1:1.7.0.25-1jpp.1.el6_4
fixed
java-1.7.0-oracle-plugin
RHEL 6
1:1.7.0.25-1jpp.1.el6_4
fixed
java-1.7.0-oracle-src
RHEL 6
1:1.7.0.25-1jpp.1.el6_4
fixed
References
http://advisories.mageia.org/MGASA-2013-0185.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://secunia.com/advisories/54154
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.us-cert.gov/ncas/alerts/TA13-169A
https://bugzilla.redhat.com/show_bug.cgi?id=975145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18717
http://advisories.mageia.org/MGASA-2013-0185.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b1a2b9ac9714
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://secunia.com/advisories/54154
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.us-cert.gov/ncas/alerts/TA13-169A
https://bugzilla.redhat.com/show_bug.cgi?id=975145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18717