CVE-2013-2472

HIGH

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.

ID	Name	Product	Family	Severity
89668	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2013-0012) (remote check)	Nessus	Misc.	critical
83595	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2013:1256-1)	Nessus	SuSE Local Security Checks	critical
79011	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2014:0414)	Nessus	Red Hat Local Security Checks	critical
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
75101	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1288-1)	Nessus	SuSE Local Security Checks	critical
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
71861	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
71859	IBM Domino 9.x < 9.0.1 Multiple Vulnerabilities (uncredentialed check)	Nessus	Misc.	critical
70744	IBM Notes 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70743	IBM Domino 8.5.x < 8.5.3 FP5 Multiple Vulnerabilities	Nessus	Windows	critical
70742	IBM Domino 8.5.x < 8.5.3 FP 5 Multiple Vulnerabilities	Nessus	Misc.	critical
70612	VMware Security Updates for vCenter Server (VMSA-2013-0012)	Nessus	Misc.	critical
69765	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)	Nessus	Amazon Linux Local Security Checks	critical
69762	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-204)	Nessus	Amazon Linux Local Security Checks	critical
69093	SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 8653)	Nessus	SuSE Local Security Checks	critical
69092	SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)	Nessus	SuSE Local Security Checks	critical
69090	SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)	Nessus	SuSE Local Security Checks	critical
69084	Debian DSA-2727-1 : openjdk-6 - several vulnerabilities	Nessus	Debian Local Security Checks	critical
69072	SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8657)	Nessus	SuSE Local Security Checks	critical
69071	SuSE 11.3 Security Update : java-1_7_0-openjdk (SAT Patch Number 8090)	Nessus	SuSE Local Security Checks	critical
69070	SuSE 11.2 / 11.3 Security Update : java-1_7_0-ibm (SAT Patch Numbers 8106 / 8108)	Nessus	SuSE Local Security Checks	critical
69069	SuSE 11.2 / 11.3 Security Update : java-1_6_0-ibm (SAT Patch Numbers 8105 / 8107)	Nessus	SuSE Local Security Checks	critical
69031	Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-1908-1)	Nessus	Ubuntu Local Security Checks	critical
69029	SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 8084)	Nessus	SuSE Local Security Checks	critical
68926	Ubuntu 12.04 LTS / 12.10 / 13.04 : icedtea-web update (USN-1907-2)	Nessus	Ubuntu Local Security Checks	critical
68925	Ubuntu 12.10 / 13.04 : openjdk-7 vulnerabilities (USN-1907-1)	Nessus	Ubuntu Local Security Checks	critical
68922	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:1081)	Nessus	Red Hat Local Security Checks	critical
68901	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1060)	Nessus	Red Hat Local Security Checks	critical
68900	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1059)	Nessus	Red Hat Local Security Checks	critical
68889	Debian DSA-2722-1 : openjdk-7 - several vulnerabilities	Nessus	Debian Local Security Checks	critical
68842	Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)	Nessus	Oracle Linux Local Security Checks	critical
68837	Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0958)	Nessus	Oracle Linux Local Security Checks	critical
68836	Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-0957)	Nessus	Oracle Linux Local Security Checks	critical
67185	Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130703)	Nessus	Scientific Linux Local Security Checks	critical
67184	RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1014)	Nessus	Red Hat Local Security Checks	critical
67183	CentOS 5 / 6 : java-1.6.0-openjdk (CESA-2013:1014)	Nessus	CentOS Local Security Checks	critical
67012	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:183)	Nessus	Mandriva Local Security Checks	critical
66951	Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20130620)	Nessus	Scientific Linux Local Security Checks	critical
66950	Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20130620)	Nessus	Scientific Linux Local Security Checks	critical
66948	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0963)	Nessus	Red Hat Local Security Checks	critical
66947	CentOS 5 : java-1.7.0-openjdk (CESA-2013:0958)	Nessus	CentOS Local Security Checks	critical
66946	CentOS 6 : java-1.7.0-openjdk (CESA-2013:0957)	Nessus	CentOS Local Security Checks	critical
66943	Oracle Java SE Multiple Vulnerabilities (June 2013 CPU) (Unix)	Nessus	Misc.	critical
66940	RHEL 5 : java-1.7.0-openjdk (RHSA-2013:0958)	Nessus	Red Hat Local Security Checks	critical
66939	RHEL 6 : java-1.7.0-openjdk (RHSA-2013:0957)	Nessus	Red Hat Local Security Checks	critical
6877	Oracle Java SE Multiple Vulnerabilities (June 2013 CPU Update)	Nessus Network Monitor	Web Clients	critical
66932	Oracle Java SE Multiple Vulnerabilities (June 2013 CPU)	Nessus	Windows	critical
66929	Mac OS X : Java for Mac OS X 10.6 Update 16	Nessus	MacOS X Local Security Checks	critical
66928	Mac OS X : Java for OS X 2013-004	Nessus	MacOS X Local Security Checks	critical

CVE-2013-2472

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical