CVE-2013-0437

{"id": "CVE-2013-0437", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-02T00:55:02.037", "references": [{"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.kb.cert.org/vuls/id/858729", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16492", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19403", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y JavaFX v2.2.4 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con 2D."}], "lastModified": "2017-09-19T01:35:40.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "900995E9-D131-451F-AE5C-BEDA1E8E13A3", "versionEndIncluding": "2.2.4"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BDB79F-96E0-43A4-81CD-BADF0B039006"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC0E861D-AEBC-46EF-8CA6-CF7DE2518DB6"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4477BB-9B0A-4874-9A5B-1B6193DC94E4"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBA3A1CE-1531-426A-A600-4DD6FB63D01A"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E2179A9-513A-46AA-BC4D-ED988B38650F"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37311B5-5404-435B-BBB6-76DA3EA19730"}], "operator": "OR"}]}], "evaluatorComment": "Per http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html \r\n\r\n\"Applies to client and server deployment of Java. This vulnerability can be exploited through untrusted Java Web Start applications and untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.\"", "sourceIdentifier": "secalert_us@oracle.com"}