CVE-2013-2465 — CRITICAL (9.8)

Vulnerability Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Oracle	Jre	1.7.0
Sun	Jre	1.6.0
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Java	10
Suse	Linux Enterprise Server	10
Suse	Linux Enterprise Software Development Kit	11

Related Weaknesses (CWE)

CWE-693

References

http://advisories.mageia.org/MGASA-2013-0185.htmlBroken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880Broken Link
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040Patch
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=137545505800971&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=137545592101387&w=2Mailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0963.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1059.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1060.htmlThird Party Advisory

FAQ

What is CVE-2013-2465?

CVE-2013-2465 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remot...

How severe is CVE-2013-2465?

CVE-2013-2465 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2013-2465?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jre, Sun Jre, Suse Linux Enterprise Desktop, Suse Linux Enterprise Java, Suse Linux Enterprise Server.