Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-2465

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

Published

2013-06-18T22:55:02.807

Last Modified

2025-05-06T18:15:33.817

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-693

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	sun	jre	1.6.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	oracle	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Application	sun	jre	1.5.0	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_java	10	Yes
Operating System	suse	linux_enterprise_java	11	Yes
Operating System	suse	linux_enterprise_java	11	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_server	11	Yes
Operating System	suse	linux_enterprise_software_development_kit	11	Yes
Operating System	suse	linux_enterprise_software_development_kit	11	Yes

References

http://advisories.mageia.org/MGASA-2013-0185.html Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link ([email protected])
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040 Patch ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=137545505800971&w=2 Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=137545592101387&w=2 Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-0963.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1059.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1060.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1081.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1456.html Third Party Advisory ([email protected])
http://secunia.com/advisories/54154 Not Applicable ([email protected])
http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory ([email protected])
http://www-01.ibm.com/support/docview.wss?uid=swg21642336 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 Not Applicable ([email protected])
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/60657 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.us-cert.gov/ncas/alerts/TA13-169A Third Party Advisory, US Government Resource ([email protected])
https://access.redhat.com/errata/RHSA-2014:0414 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=975118 Issue Tracking ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703 Broken Link ([email protected])
http://advisories.mageia.org/MGASA-2013-0185.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=137545505800971&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=137545592101387&w=2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0963.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1059.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1060.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1081.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1456.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/54154 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www-01.ibm.com/support/docview.wss?uid=swg21642336 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/60657 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/ncas/alerts/TA13-169A Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2014:0414 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=975118 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability (af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability (af854a3a-2127-422b-91ae-364da2661108)