Vulnerability Name:

CVE-2013-2462 (CCN-85037)

Assigned:2013-06-18
Published:2013-06-18
Updated:2017-09-19
Summary:Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

'Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.'
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2013-2462

Source: SUSE
Type: UNKNOWN
SUSE-SU-2013:1256

Source: SUSE
Type: UNKNOWN
SUSE-SU-2013:1257

Source: HP
Type: UNKNOWN
HPSBUX02907

Source: CCN
Type: RHSA-2013-0963
Critical: java-1.7.0-oracle security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0963

Source: CCN
Type: RHSA-2013-1060
Critical: java-1.7.0-ibm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:1060

Source: CCN
Type: SA53759
Hitachi Cosminexus Products Oracle Java Multiple Vulnerabilities

Source: CCN
Type: SA53846
Oracle Java Multiple Vulnerabilities

Source: CCN
Type: SA53890
Apple Mac OS X update for Java

Source: CCN
Type: SA54154
IBM Java Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
54154

Source: CCN
Type: Apple Web site
About the security content of Java for OS X 2013-004 and Mac OS X v10.6 Update 16

Source: CCN
Type: IBM Security Bulletin 1642336
Multiple vulnerabilities in IBM WebSphere Real Time

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21642336

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21644197

Source: CCN
Type: IBM Security Bulletin 1647053
Multiple security vulnerabilities in IBM JREs 5 & 7

Source: CCN
Type: IBM Security Bulletin 1647384
IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Source: CCN
Type: IBM Security Bulletin 1649801
IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 1650778
IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager

Source: CCN
Type: IBM Security Bulletin 1652561
TADDM 7.2.2.0 and 7.2.1.5: Vulnerabilities in embedded JRE

Source: CCN
Type: IBM Security Bulletin 1653090
CICS Transaction Gateway for Multiplatforms

Source: CCN
Type: Hitachi Security Vulnerability Information HS13-015
Multiple Vulnerabilities in Cosminexus

Source: CCN
Type: IBM Security Bulletin N1019760
Multiple vulnerabilities in the IBM i Java SDK

Source: CCN
Type: IBM Security Bulletin 1650599
IBM Tivoli System Automation for Integrated Operations Management 2.1.1 Vulnerability

Source: CCN
Type: Oracle Web site
Oracle Java SE Critical Patch Update Advisory - June 2013

Source: CONFIRM
Type: Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Source: CCN
Type: BID-60630
Oracle Java SE CVE-2013-2462 Remote Security Vulnerability

Source: CERT
Type: US Government Resource
TA13-169A

Source: XF
Type: UNKNOWN
oracle-javacpujun2013-cve20132462(85037)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:17257

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:19378

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:*:update21:*:*:*:*:*:* (Version <= 1.7.0)
  • OR cpe:/a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:*:update21:*:*:*:*:*:* (Version <= 1.7.0)
  • OR cpe:/a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:oracle:jre:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
  • OR cpe:/a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
  • OR cpe:/a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*
  • AND
  • cpe:/a:hitachi:cosminexus_application_server:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_message_broker:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_developer:5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_real_time:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:operational_decision_manager:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.1.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20132462 | V | CVE-2013-2462 | 2022-05-20
    oval:org.mitre.oval:def:19378 | V | HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | 2015-04-20
    oval:org.mitre.oval:def:17257 | V | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2015-03-23
    oval:org.mitre.oval:def:21131 | P | RHSA-2013:1060: java-1.7.0-ibm security update (Critical) | 2015-03-09
    oval:org.mitre.oval:def:25758 | P | SUSE-SU-2013:1257-1 -- Security update for java-1_7_0-ibm | 2014-09-08
    oval:org.mitre.oval:def:25853 | P | SUSE-SU-2013:1256-1 -- Security update for java-1_7_0-ibm | 2014-09-08
    oval:org.mitre.oval:def:23596 | P | ELSA-2013:1060: java-1.7.0-ibm security update (Critical) | 2014-05-26
    oval:org.mitre.oval:def:23756 | P | ELSA-2013:0963: java-1.7.0-oracle security update (Critical) | 2014-05-26
    oval:org.mitre.oval:def:20743 | P | RHSA-2013:0963: java-1.7.0-oracle security update (Critical) | 2014-02-17
    oval:com.redhat.rhsa:def:20131060 | P | RHSA-2013:1060: java-1.7.0-ibm security update (Critical) | 2013-07-15
    oval:com.redhat.rhsa:def:20130963 | P | RHSA-2013:0963: java-1.7.0-oracle security update (Critical) | 2013-06-20
    oval:com.ubuntu.precise:def:20132462000 | V | CVE-2013-2462 on Ubuntu 12.04 LTS (precise) - medium. | 2013-06-18