CVE-2013-2380 - OpenCVE

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Fusion Middleware Jrockit

Configuration 1 [-]

OR	cpe:2.3:a:oracle:fusion_middleware:-:::::::*
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit:r27.1:::::::*
	cpe:2.3:a:oracle:jrockit:r27.2:::::::*
	cpe:2.3:a:oracle:jrockit:r27.3:::::::*
	cpe:2.3:a:oracle:jrockit:r27.3.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.0:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.2:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.0:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.3:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.4:::::::*

No data.

References

Link	Providers
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2013-04-17T14:00:00

Updated: 2024-08-06T15:36:46.138Z

Reserved: 2013-03-05T00:00:00

Link: CVE-2013-2380

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-04-17T17:55:06.143

Modified: 2013-10-11T03:51:34.187

Link: CVE-2013-2380

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-11T09:00:00", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2013-2380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}, {"name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:36:46.138Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}]}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2013-2380", "datePublished": "2013-04-17T14:00:00", "dateReserved": "2013-03-05T00:00:00", "dateUpdated": "2024-08-06T15:36:46.138Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:fusion_middleware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1828F4F0-FB4B-4E19-9F6D-77E7D017A21D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "53150C54-F2BB-491C-A8C8-AD4C74BD07C7", "versionEndIncluding": "r27.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "67958DB2-50AD-4F2A-91AB-CC8623DD7935", "versionEndIncluding": "r28.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.1:*:*:*:*:*:*:*", "matchCriteriaId": "4873B9FF-0BA4-45AE-834A-C23AE80A2B48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.2:*:*:*:*:*:*:*", "matchCriteriaId": "39274558-2ECB-43CE-BAEF-DBD3AAC1BD05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.3:*:*:*:*:*:*:*", "matchCriteriaId": "72DA7B82-EC3B-4458-B040-6F9D1AE23DDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "267F16DF-D868-4DD9-8670-01AC3CBCE716", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF4A3CEE-CA1A-4381-9C2A-86A08552ECB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4953F74A-EA08-414B-9A5F-0DE7B05C6E4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E573D88-D435-4BE0-A439-A6ABE7C990CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5774E87C-9F38-4DB9-9F4F-B88D37BE622C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "95746A03-C190-409B-9F3F-F3F7F6B3D419", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDCC0C38-1660-40BF-8708-B0FDF43069FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "723DE1EC-F44A-4362-B885-835784FA7B56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle JRockit en Oracle Fusion Middleware R27.7.4 y anteriores y R28.2.6 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos. NOTA: este podr\u00eda ser un duplicado de CVE-2013-1537 y CVE-2013-2415. Si es as\u00ed, CVE-2013-2380 podr\u00eda ser rechazado en el futuro."}], "evaluatorComment": "1.Oracle released a Java SE Critical Patch Update on April 16, 2013 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2013-2380 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2013-2380 is as follows: CVE-2013-1537 and CVE-2013-2415.\r\n", "id": "CVE-2013-2380", "lastModified": "2013-10-11T03:51:34.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-17T17:55:06.143", "references": [{"source": "secalert_us@oracle.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}