CVE-2013-2453 - OpenCVE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Jdk Jre
Redhat	Enterprise Linux Network Satellite Rhel Extras Rhel Extras Oracle Java
Sun	Jdk Jre

Configuration 1 [-]

OR	cpe:2.3:a:oracle:jre::update21::::::*
	cpe:2.3:a:oracle:jre:1.7.0:::::::*
	cpe:2.3:a:oracle:jre:1.7.0:update1::::::
	cpe:2.3:a:oracle:jre:1.7.0:update10::::::
	cpe:2.3:a:oracle:jre:1.7.0:update11::::::
	cpe:2.3:a:oracle:jre:1.7.0:update13::::::
	cpe:2.3:a:oracle:jre:1.7.0:update15::::::
	cpe:2.3:a:oracle:jre:1.7.0:update17::::::
	cpe:2.3:a:oracle:jre:1.7.0:update2::::::
	cpe:2.3:a:oracle:jre:1.7.0:update3::::::
	cpe:2.3:a:oracle:jre:1.7.0:update4::::::
	cpe:2.3:a:oracle:jre:1.7.0:update5::::::
	cpe:2.3:a:oracle:jre:1.7.0:update6::::::
	cpe:2.3:a:oracle:jre:1.7.0:update7::::::
	cpe:2.3:a:oracle:jre:1.7.0:update9::::::

Configuration 2 [-]

OR	cpe:2.3:a:oracle:jdk::update21::::::*
	cpe:2.3:a:oracle:jdk:1.7.0:::::::*
	cpe:2.3:a:oracle:jdk:1.7.0:update1::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update10::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update11::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update13::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update15::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update17::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update2::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update3::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update4::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update5::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update6::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update7::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update9::::::

Configuration 3 [-]

OR	cpe:2.3:a:oracle:jre::update45::::::*
	cpe:2.3:a:oracle:jre:1.6.0:update22::::::
	cpe:2.3:a:oracle:jre:1.6.0:update23::::::
	cpe:2.3:a:oracle:jre:1.6.0:update24::::::
	cpe:2.3:a:oracle:jre:1.6.0:update25::::::
	cpe:2.3:a:oracle:jre:1.6.0:update26::::::
	cpe:2.3:a:oracle:jre:1.6.0:update27::::::
	cpe:2.3:a:oracle:jre:1.6.0:update29::::::
	cpe:2.3:a:oracle:jre:1.6.0:update30::::::
	cpe:2.3:a:oracle:jre:1.6.0:update31::::::
	cpe:2.3:a:oracle:jre:1.6.0:update32::::::
	cpe:2.3:a:oracle:jre:1.6.0:update33::::::
	cpe:2.3:a:oracle:jre:1.6.0:update34::::::
	cpe:2.3:a:oracle:jre:1.6.0:update35::::::
	cpe:2.3:a:oracle:jre:1.6.0:update37::::::
	cpe:2.3:a:oracle:jre:1.6.0:update38::::::
	cpe:2.3:a:oracle:jre:1.6.0:update39::::::
	cpe:2.3:a:oracle:jre:1.6.0:update41::::::
	cpe:2.3:a:oracle:jre:1.6.0:update43::::::
	cpe:2.3:a:sun:jre:1.6.0:::::::*
	cpe:2.3:a:sun:jre:1.6.0:update_1::::::
	cpe:2.3:a:sun:jre:1.6.0:update_10::::::
	cpe:2.3:a:sun:jre:1.6.0:update_11::::::
	cpe:2.3:a:sun:jre:1.6.0:update_12::::::
	cpe:2.3:a:sun:jre:1.6.0:update_13::::::
	cpe:2.3:a:sun:jre:1.6.0:update_14::::::
	cpe:2.3:a:sun:jre:1.6.0:update_15::::::
	cpe:2.3:a:sun:jre:1.6.0:update_16::::::
	cpe:2.3:a:sun:jre:1.6.0:update_17::::::
	cpe:2.3:a:sun:jre:1.6.0:update_18::::::
	cpe:2.3:a:sun:jre:1.6.0:update_19::::::
	cpe:2.3:a:sun:jre:1.6.0:update_2::::::
	cpe:2.3:a:sun:jre:1.6.0:update_20::::::
	cpe:2.3:a:sun:jre:1.6.0:update_21::::::
	cpe:2.3:a:sun:jre:1.6.0:update_3::::::
	cpe:2.3:a:sun:jre:1.6.0:update_4::::::
	cpe:2.3:a:sun:jre:1.6.0:update_5::::::
	cpe:2.3:a:sun:jre:1.6.0:update_6::::::
	cpe:2.3:a:sun:jre:1.6.0:update_7::::::
	cpe:2.3:a:sun:jre:1.6.0:update_9::::::

Configuration 4 [-]

OR	cpe:2.3:a:oracle:jdk::update45::::::*
	cpe:2.3:a:oracle:jdk:1.6.0:update22::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update23::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update24::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update25::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update26::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update27::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update29::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update30::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update31::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update32::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update33::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update34::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update35::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update37::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update38::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update39::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update41::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update43::::::
	cpe:2.3:a:sun:jdk:1.6.0:::::::*
	cpe:2.3:a:sun:jdk:1.6.0:update_10::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_11::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_12::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_13::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_14::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_15::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_16::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_17::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_18::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_19::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_20::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_21::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_3::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_4::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_5::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_6::::::
	cpe:2.3:a:sun:jdk:1.6.0:update_7::::::
	cpe:2.3:a:sun:jdk:1.6.0:update1::::::
	cpe:2.3:a:sun:jdk:1.6.0:update1_b06::::::
	cpe:2.3:a:sun:jdk:1.6.0:update2::::::

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2014:0414	2014-04-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2014:0414	2014-04-17T00:00:00Z
Red Hat Enterprise Linux 5
java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0958	2013-06-20T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.0-1.41.1.11.11.90.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:1014	2013-07-03T00:00:00Z
Red Hat Enterprise Linux 6
java-1.7.0-openjdk-1:1.7.0.25-2.3.10.3.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0957	2013-06-19T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.0-1.62.1.11.11.90.el6_4	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:1014	2013-07-03T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4	cpe:/a:redhat:network_satellite:5.4::el5	RHSA-2013:1455	2013-10-23T00:00:00Z
Red Hat Network Satellite Server v 5.5
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4	cpe:/a:redhat:network_satellite:5.5::el5	RHSA-2013:1456	2013-10-23T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.25-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:0963	2013-06-20T00:00:00Z
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:1059	2013-07-15T00:00:00Z
java-1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:1060	2013-07-15T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.25-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:0963	2013-06-20T00:00:00Z
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:1059	2013-07-15T00:00:00Z
java-1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:1060	2013-07-15T00:00:00Z

References

Link	Providers
http://advisories.mageia.org/MGASA-2013-0185.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c14aa930b032
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://marc.info/?l=bugtraq&m=137545592101387&w=2
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/54154
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.securityfocus.com/bid/60644
http://www.us-cert.gov/ncas/alerts/TA13-169A
https://access.redhat.com/errata/RHSA-2014:0414
https://bugzilla.redhat.com/show_bug.cgi?id=975134
https://nvd.nist.gov/vuln/detail/CVE-2013-2453
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16545
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19588
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19611
https://www.cve.org/CVERecord?id=CVE-2013-2453

History

No history.

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2013-06-18T22:00:00

Updated: 2024-08-06T15:36:46.524Z

Reserved: 2013-03-05T00:00:00

Link: CVE-2013-2453

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-06-18T22:55:02.577

Modified: 2022-05-13T14:52:52.833

Link: CVE-2013-2453

Redhat

Severity : Moderate

Publid Date: 2013-06-18T00:00:00Z

Links: CVE-2013-2453 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object