Vulnerability CVE-2013-2428

Vulnerability Name:

CVE-2013-2428 (CCN-83568)

Assigned:

2013-04-16

Published:

2013-04-16

Updated:

2017-09-19

Summary:

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Vulnerable Configuration:

Configuration 1:

cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

OR cpe:/a:oracle:jre:*:update17:*:*:*:*:*:* (Version <= 1.7.0)

OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2:

cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:*:update17:*:*:*:*:*:* (Version <= 1.7.0)

OR cpe:/a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:javafx:2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:*:*:*:*:*:*:*:* (Version <= 2.2.7)

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:oracle:javafx:2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

OR cpe:/a:oracle:jre:1.7.0:update17:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*

OR cpe:/a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.7:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:javafx:2.2.5:*:*:*:*:*:*:*

AND

cpe:/a:ibm:maximo_asset_management:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:maximo_asset_management:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:1.5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:intelligent_operations_center:1.5.0.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:23807	P	ELSA-2013:0757: java-1.7.0-oracle security update (Critical)	2014-05-26
oval:org.mitre.oval:def:20955	P	RHSA-2013:0757: java-1.7.0-oracle security update (Critical)	2014-02-17
oval:org.mitre.oval:def:16416	V	Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before and JavaFX 2.2.7 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution.	2013-06-03
oval:com.redhat.rhsa:def:20130757	P	RHSA-2013:0757: java-1.7.0-oracle security update (Critical)	2013-04-18
oval:com.ubuntu.precise:def:20132428000	V	CVE-2013-2428 on Ubuntu 12.04 LTS (precise) - medium.	2013-04-17

BACK