Vulnerability Details : CVE-2013-2461

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."

Published 2013-06-18 22:55:03

Updated 2022-05-13 14:35:27

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-2461

Probability of exploitation activity in the next 30 days: 68.34%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-2461

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2013-2461

http://marc.info/?l=bugtraq&m=137545592101387&w=2

Mailing List;Third Party Advisory

CVEs referencing this url
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2

Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

Vendor Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2014:0414

Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16887

Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183

Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=975126

Issue Tracking;Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23

Mailing List;Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2013-0963.html

Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19582

Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://advisories.mageia.org/MGASA-2013-0185.html

Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19565

Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA13-169A

Third Party Advisory;US Government Resource

CVEs referencing this url
http://marc.info/?l=bugtraq&m=137545505800971&w=2

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/60645

Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Vendor Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201406-32.xml

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2013-2461

SUN » JDK » Version: 1.6.0 Update Update1
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update2
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 4
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 3
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 7
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 10
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 5
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 6
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 11
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update1 B06
cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 12
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 13
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 16
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 14
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 15
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 17
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 18
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 20
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 19
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
Matching versions
SUN » JDK » Version: 1.6.0 Update Update 21
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
Matching versions
Oracle » Jrockit
Versions from including (>=) r27.7.1 and up to, including, (<=) r27.7.5
cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*
Matching versions
Oracle » Jrockit
Versions from including (>=) r28.0.0 and up to, including, (<=) r28.2.7
cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update32
cpe:2.3:a:oracle:jdk:1.6.0:update32:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update31
cpe:2.3:a:oracle:jdk:1.6.0:update31:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update23
cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update22
cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update29
cpe:2.3:a:oracle:jdk:1.6.0:update29:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update33
cpe:2.3:a:oracle:jdk:1.6.0:update33:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update25
cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update24
cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update27
cpe:2.3:a:oracle:jdk:1.6.0:update27:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update43
cpe:2.3:a:oracle:jdk:1.6.0:update43:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update30
cpe:2.3:a:oracle:jdk:1.6.0:update30:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update34
cpe:2.3:a:oracle:jdk:1.6.0:update34:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update39
cpe:2.3:a:oracle:jdk:1.6.0:update39:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update41
cpe:2.3:a:oracle:jdk:1.6.0:update41:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update38
cpe:2.3:a:oracle:jdk:1.6.0:update38:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update37
cpe:2.3:a:oracle:jdk:1.6.0:update37:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update35
cpe:2.3:a:oracle:jdk:1.6.0:update35:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update26
cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update1
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update4
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update5
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update2
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update3
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update6
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update7
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update9
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update10
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update11
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update17
cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update15
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update13
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
Matching versions
Oracle » Openjdk » Version: 1.7.0
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*
Matching versions