{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-01T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01.000Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "TA13-032A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"name": "VU#858729", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"name": "RHSA-2013:0237", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"}, {"name": "HPSBUX02857", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "oval:org.mitre.oval:def:19123", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "SSRT101103", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "oval:org.mitre.oval:def:16610", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2013-0449", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA13-032A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"name": "VU#858729", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/858729"}, {"name": "RHSA-2013:0237", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"}, {"name": "HPSBUX02857", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "oval:org.mitre.oval:def:19123", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123"}, {"name": "HPSBMU02874", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "SSRT101103", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"name": "SSRT101184", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "oval:org.mitre.oval:def:16610", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:10.361Z"}, "title": "CVE Program Container", "references": [{"name": "TA13-032A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"name": "VU#858729", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"name": "RHSA-2013:0237", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"}, {"name": "HPSBUX02857", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "oval:org.mitre.oval:def:19123", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "SSRT101103", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "oval:org.mitre.oval:def:16610", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2013-0449", "datePublished": "2013-02-02T00:00:00.000Z", "dateReserved": "2012-12-07T00:00:00.000Z", "dateUpdated": "2024-08-06T14:25:10.361Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en el Java Runtime Environment (JRE) de Oracle Java SE v7 hasta la Update v11 permite ataques remotos que afectan a la confidencialidad por vectores desconocidos relacionados con Deployment"}], "evaluatorComment": "Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html \r\n\r\n\"Applies to client deployment of Java only. This vulnerability can be exploited only through untrusted Java Web Start applications and untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)\"", "id": "CVE-2013-0449", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-02T00:55:02.520", "references": [{"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"}, {"source": "secalert_us@oracle.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"source": "secalert_us@oracle.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/858729"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19123"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0237", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-oracle-1:1.7.0.13-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0626", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-03-11T00:00:00Z"}, {"advisory": "RHSA-2013:0237", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-oracle-1:1.7.0.13-1jpp.3.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-02-04T00:00:00Z"}, {"advisory": "RHSA-2013:0626", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-ibm-1:1.7.0.4.0-1jpp.2.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-03-11T00:00:00Z"}], "bugzilla": {"description": "JDK: unspecified vulnerability fixed in 7u13 (Deployment)", "id": "906932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=906932"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment."], "name": "CVE-2013-0449", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "java-1.4.2-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.5.0-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-ibm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.5.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-ibm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "java-1.6.0-sun", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-02-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0449\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0449\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"], "threat_severity": "Moderate"}

{}