CVE-2013-2380

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:fusion_middleware:-:::::::*
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit:r27.1:::::::*
	cpe:2.3:a:oracle:jrockit:r27.2:::::::*
	cpe:2.3:a:oracle:jrockit:r27.3:::::::*
	cpe:2.3:a:oracle:jrockit:r27.3.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.0:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.2:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.0:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.3:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.4:::::::*

History

No history.

Information

Published : 2013-04-17 17:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-2380

Mitre link : CVE-2013-2380

CVE.ORG link : CVE-2013-2380

JSON object : View

Products Affected

oracle

fusion_middleware
jrockit

CWE

NVD-CWE-noinfo

{"id": "CVE-2013-2380", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-04-17T17:55:06.143", "references": [{"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle JRockit en Oracle Fusion Middleware R27.7.4 y anteriores y R28.2.6 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos. NOTA: este podr\u00eda ser un duplicado de CVE-2013-1537 y CVE-2013-2415. Si es as\u00ed, CVE-2013-2380 podr\u00eda ser rechazado en el futuro."}], "lastModified": "2013-10-11T03:51:34.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:fusion_middleware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1828F4F0-FB4B-4E19-9F6D-77E7D017A21D"}, {"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53150C54-F2BB-491C-A8C8-AD4C74BD07C7", "versionEndIncluding": "r27.4"}, {"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67958DB2-50AD-4F2A-91AB-CC8623DD7935", "versionEndIncluding": "r28.2.6"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4873B9FF-0BA4-45AE-834A-C23AE80A2B48"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39274558-2ECB-43CE-BAEF-DBD3AAC1BD05"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72DA7B82-EC3B-4458-B040-6F9D1AE23DDE"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "267F16DF-D868-4DD9-8670-01AC3CBCE716"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF4A3CEE-CA1A-4381-9C2A-86A08552ECB1"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4953F74A-EA08-414B-9A5F-0DE7B05C6E4B"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E573D88-D435-4BE0-A439-A6ABE7C990CD"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5774E87C-9F38-4DB9-9F4F-B88D37BE622C"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95746A03-C190-409B-9F3F-F3F7F6B3D419"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDCC0C38-1660-40BF-8708-B0FDF43069FE"}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "723DE1EC-F44A-4362-B885-835784FA7B56"}], "operator": "OR"}]}], "evaluatorComment": "1.Oracle released a Java SE Critical Patch Update on April 16, 2013 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2013-2380 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2013-2380 is as follows: CVE-2013-1537 and CVE-2013-2415.\r\n", "sourceIdentifier": "secalert_us@oracle.com"}