CVE-2013-2466 | Tenable®

Login

Tenable Community & Support

Tenable University

CVE-2013-2466

HIGH

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.

References

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

http://marc.info/?l=bugtraq&m=137545505800971&w=2

http://marc.info/?l=bugtraq&m=137545592101387&w=2

http://rhn.redhat.com/errata/RHSA-2013-0963.html

http://rhn.redhat.com/errata/RHSA-2013-1059.html

http://rhn.redhat.com/errata/RHSA-2013-1060.html

http://rhn.redhat.com/errata/RHSA-2013-1455.html

http://rhn.redhat.com/errata/RHSA-2013-1456.html

http://secunia.com/advisories/54154

http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

http://www.securityfocus.com/bid/60624

http://www.us-cert.gov/ncas/alerts/TA13-169A

http://www-01.ibm.com/support/docview.wss?uid=swg21642336

http://www-01.ibm.com/support/docview.wss?uid=swg21644197

https://access.redhat.com/errata/RHSA-2014:0414

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16982

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19234

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19649

Details

Source: MITRE

Published: 2013-06-18

Updated: 2018-01-05

Type: NVD-CWE-noinfo

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:*:update21:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:*:update21:*:*:*:*:*:* versions up to 1.7.0 (inclusive)

cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_39:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_41:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.6.0:update_43:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:*:update_45:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_39:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_41:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.6.0:update_43:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:*:update_45:*:*:*:*:*:* versions up to 1.6.0 (inclusive)

cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

ID	Name	Product	Family	Severity
89668	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2013-0012) (remote check)	Nessus	Misc.	critical
83595	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2013:1256-1)	Nessus	SuSE Local Security Checks	critical
79011	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414)	Nessus	Red Hat Local Security Checks	critical
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	critical
70612	VMware Security Updates for vCenter Server (VMSA-2013-0012)	Nessus	Misc.	critical
69072	SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8657)	Nessus	SuSE Local Security Checks	critical
69070	SuSE 11.2 / 11.3 Security Update : java-1_7_0-ibm (SAT Patch Numbers 8106 / 8108)	Nessus	SuSE Local Security Checks	critical
69069	SuSE 11.2 / 11.3 Security Update : java-1_6_0-ibm (SAT Patch Numbers 8105 / 8107)	Nessus	SuSE Local Security Checks	critical
68901	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1060)	Nessus	Red Hat Local Security Checks	critical
68900	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1059)	Nessus	Red Hat Local Security Checks	critical
66948	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0963)	Nessus	Red Hat Local Security Checks	critical
66943	Oracle Java SE Multiple Vulnerabilities (June 2013 CPU) (Unix)	Nessus	Misc.	critical
6877	Oracle Java SE Multiple Vulnerabilities (June 2013 CPU Update)	Nessus Network Monitor	Web Clients	critical
66932	Oracle Java SE Multiple Vulnerabilities (June 2013 CPU)	Nessus	Windows	critical
66929	Mac OS X : Java for Mac OS X 10.6 Update 16	Nessus	MacOS X Local Security Checks	critical
66928	Mac OS X : Java for OS X 2013-004	Nessus	MacOS X Local Security Checks	critical