CVE-2013-2447

7 documents6 sources
Severity
5.0MEDIUM
EPSS
3.9%
top 11.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Oracle JDKOracle JRESUN JDK+1 more
Timeline
PublishedJun 18
Latest updateMay 14

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsist

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

NVDoracle/jdk1.7.0+5
NVDoracle/jre1.7.0+5
NVDsun/jdk1.5.0, 1.6.0+1
NVDsun/jre1.5.0, 1.6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-6q4g-vp2w-v6q7: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 52022-05-14
CVEList
CVE-2013-2447: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 52013-06-18

📋Vendor Advisories

3
Ubuntu
OpenJDK 6 vulnerabilities2013-07-23
Ubuntu
OpenJDK 7 vulnerabilities2013-07-16
Red Hat
OpenJDK: Prevent revealing the local address (Networking, 8001318)2013-06-18

💬Community

1
Bugzilla
CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)2013-06-17
CVE-2013-2447 (MEDIUM CVSS 5) | Unspecified vulnerability in the Ja | cvebase.io