CVE-2013-2415 — Incorrect Permission Assignment in Oracle JDK

CWE-732 — Incorrect Permission Assignment8 documents5 sources

Severity

10.0CRITICALNVD

NVD2.1

EPSS

0.1%

top 75.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE Oracle Jrockit

Timeline

PublishedApr 17

Latest updateMay 17

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDoracle/jdk1.7.0+1

▶NVDoracle/jre1.7.0+1

▶NVDoracle/jrockitr27.4+12

🔴Vulnerability Details

GHSA

GHSA-vv67-5vpg-hpc7: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local↗2022-05-17

▶

GHSA

GHSA-h72c-jjw4-vfrm: Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 6 vulnerabilities↗2013-05-07

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2013-04-23

▶

Red Hat

OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)↗2013-04-16

▶

💬Community

Bugzilla

CVE-2013-2415 OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)↗2013-04-15

▶