CVE-2013-5854

{"id": "CVE-2013-5854", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-16T18:55:03.717", "references": [{"url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://osvdb.org/98570", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securityfocus.com/bid/63079", "source": "secalert_us@oracle.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88009", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19187", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/98570", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/63079", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88009", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19187", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Oracle Java SE v7u40 y anteriores, y JavaFX v2.2.40 y anteriores permite a atacantes remotos afectar a la confidencialidad a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T01:58:18.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:javafx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "211D20FA-1F11-4B12-9B18-7A9F17CC1984", "versionEndIncluding": "2.2.40"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64BDB79F-96E0-43A4-81CD-BADF0B039006"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC0E861D-AEBC-46EF-8CA6-CF7DE2518DB6"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB4477BB-9B0A-4874-9A5B-1B6193DC94E4"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBA3A1CE-1531-426A-A600-4DD6FB63D01A"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E2179A9-513A-46AA-BC4D-ED988B38650F"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37311B5-5404-435B-BBB6-76DA3EA19730"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55CB5B80-C778-456D-8871-CA79DED61078"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00472766-CED3-42FD-AD93-811EDBC45790"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2598CD0-B320-4A99-B291-0D901ADCF871"}, {"criteria": "cpe:2.3:a:oracle:javafx:2.2.21:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAFDCE11-A697-4E2F-A803-41D02CE15917"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:*:update40:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DE61035-9270-4CFE-A331-98D9203929F4", "versionEndIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44FC8AF-F76F-4A8E-8D03-4F8BCA8CB031"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6152036D-6421-4AE4-9223-766FE07B5A44"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE8B0935-6637-413D-B896-28E0ED7F2CEC"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30B480BC-0886-4B19-B0A5-57B531077F40"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FA1990D-BBC2-429C-872C-6150459516B1"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC2887E-610B-42FE-9A96-1E2F01BF17A3"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "130849CD-A581-4FE6-B2AA-99134F16FE65"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D375CECB-405C-4E18-A7E8-9C5A2F97BD69"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50AF5AE9-5314-4CE7-95A7-CE6D1B036D23"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B10B19C-FA60-4CD5-AA61-A9791F6CECA8"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52EEEA5A-E77C-43CF-A063-9D5C64EA1870"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "003746F6-DEF0-4D0F-AD97-9E335868E301"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF830E0E-0169-4B6A-81FF-2E9FCD7D913B"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BAE3670-0938-480A-8472-DFF0B3A0D0BF"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EC967FF-26A6-4498-BC09-EC23B2B75CBA"}, {"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02781457-4E40-46A9-A5F7-945232A8C2B1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jre:*:update40:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "480E1DC3-A93D-4566-A87B-0147202273CF", "versionEndIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C27372B-A091-46D5-AE39-A44BBB1D9EE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4B153FD-E20B-4909-8B10-884E48F5B590"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F21933FB-A27C-4AF3-9811-2DE28484A5A6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2B20041-EB5D-4FA4-AC7D-C35E7878BCFD"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3C3C9C7-73AE-4B1D-AA85-C7F5330A4DE6"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D8BB8D7-D5EC-42D6-BEAA-CB03D1D6513E"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B5B98B-0E41-4397-8AB0-C18C6F10AED1"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB106FA9-26CE-48C5-AEA5-FD1A5454AEE2"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FF6C211-AD55-40FE-9130-77164E586F62"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40DB141-E5B3-4EC2-9E2F-2E27414FCCB1"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5831D70B-3854-4CB8-B88D-40F1743DAEE0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB101C9-CA38-4421-BC0C-C1AD47AA2CC9"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA302DF3-ABBB-4262-B206-4C0F7B5B1E91"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A8EBCB-5E6A-42F0-8D07-F3A3D1C850F0"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CD8A54E-185B-4D34-82EF-C0C05739EC12"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FFC7F0D-1F32-4235-8359-277CE41382DF"}], "operator": "OR"}]}], "evaluatorComment": "Per http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html\n\n'Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.'", "sourceIdentifier": "secalert_us@oracle.com"}