CVE-2013-2449 — Oracle JDK vulnerability

8 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

2.5%

top 14.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JDK Oracle JRE

Timeline

PublishedJun 18

Latest updateMay 17

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to GnomeFileTypeDetector and a missing check for read permissions for a path.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDoracle/jdk1.7.0+1

▶NVDoracle/jre1.7.0+1

🔴Vulnerability Details

GHSA

GHSA-6hpx-2f6c-q7xg: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote atta↗2022-05-17

▶

📋Vendor Advisories

Ubuntu

OpenJDK 6 vulnerabilities↗2013-07-23

▶

Ubuntu

OpenJDK 7 vulnerabilities↗2013-07-16

▶

Ubuntu

IcedTea Web update↗2013-07-16

▶

Red Hat

OpenJDK: GnomeFileTypeDetector path access check (Libraries, 8004288)↗2013-06-18

▶

💬Community

Bugzilla

CVE-2013-4232 libtiff (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()↗2013-08-12

▶

Bugzilla

CVE-2013-2449 OpenJDK: GnomeFileTypeDetector path access check (Libraries, 8004288)↗2013-06-17

▶