Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2013-2436 | First vendor Publication | 2013-04-17 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2436 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16540 | |||
| Oval ID: | oval:org.mitre.oval:def:16540 | ||
| Title: | Vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and before. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2436 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21074 | |||
| Oval ID: | oval:org.mitre.oval:def:21074 | ||
| Title: | RHSA-2013:0751: java-1.7.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0751-01 CESA-2013:0751 CVE-2013-0401 CVE-2013-1488 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 | Version: | 311 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:24006 | |||
| Oval ID: | oval:org.mitre.oval:def:24006 | ||
| Title: | ELSA-2013:0751: java-1.7.0-openjdk security update (Critical) | ||
| Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0751-01 CVE-2013-0401 CVE-2013-1488 CVE-2013-1518 CVE-2013-1537 CVE-2013-1557 CVE-2013-1558 CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2415 CVE-2013-2417 CVE-2013-2419 CVE-2013-2420 CVE-2013-2421 CVE-2013-2422 CVE-2013-2423 CVE-2013-2424 CVE-2013-2426 CVE-2013-2429 CVE-2013-2430 CVE-2013-2431 CVE-2013-2436 | Version: | 93 |
| Platform(s): | Oracle Linux 6 | Product(s): | java-1.7.0-openjdk |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-402.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-426.nasl - Type : ACT_GATHER_INFO |
| 2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-183.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO |
| 2013-05-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1819-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-161.nasl - Type : ACT_GATHER_INFO |
| 2013-04-26 | Name : The remote Fedora host is missing a security update. File : fedora_2013-6368.nasl - Type : ACT_GATHER_INFO |
| 2013-04-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1806-1.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5922.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
| 2013-04-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0757.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130417_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130417_java_1_7_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0751.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote Fedora host is missing a security update. File : fedora_2013-5958.nasl - Type : ACT_GATHER_INFO |
| 2013-04-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0752.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_apr_2013_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-04-17 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_apr_2013.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 12:34:56 |
|
| 2024-08-02 12:23:47 |
|
| 2024-08-02 01:07:04 |
|
| 2024-07-25 01:21:56 |
|
| 2024-06-29 01:21:04 |
|
| 2024-04-02 01:20:55 |
|
| 2024-02-02 01:23:06 |
|
| 2024-02-01 12:06:51 |
|
| 2023-09-05 12:21:50 |
|
| 2023-09-05 01:06:45 |
|
| 2023-09-02 12:21:51 |
|
| 2023-09-02 01:06:50 |
|
| 2023-08-22 12:19:34 |
|
| 2023-03-28 12:06:52 |
|
| 2022-10-11 01:06:31 |
|
| 2022-01-22 01:14:18 |
|
| 2021-09-23 01:12:42 |
|
| 2021-07-27 01:12:19 |
|
| 2021-05-05 01:12:40 |
|
| 2021-05-04 12:25:07 |
|
| 2021-04-22 01:30:04 |
|
| 2020-10-27 01:17:53 |
|
| 2020-09-09 12:09:19 |
|
| 2020-09-09 01:09:39 |
|
| 2020-07-17 01:08:45 |
|
| 2020-05-24 01:11:15 |
|
| 2020-05-23 00:37:02 |
|
| 2019-05-10 12:05:23 |
|
| 2018-10-30 12:05:53 |
|
| 2018-10-23 12:04:40 |
|
| 2018-07-25 12:03:48 |
|
| 2018-04-28 12:01:05 |
|
| 2018-02-02 12:02:12 |
|
| 2017-10-25 12:01:01 |
|
| 2017-09-19 09:25:58 |
|
| 2017-08-16 12:02:21 |
|
| 2017-05-12 12:04:37 |
|
| 2017-02-10 12:00:43 |
|
| 2016-11-01 12:04:13 |
|
| 2016-07-27 12:00:46 |
|
| 2016-06-28 19:29:38 |
|
| 2016-04-26 23:08:16 |
|
| 2014-10-04 13:30:33 |
|
| 2014-07-01 13:25:14 |
|
| 2014-06-14 13:35:31 |
|
| 2014-02-17 11:19:35 |
|
| 2014-02-07 13:20:32 |
|
| 2013-11-04 21:26:56 |
|
| 2013-10-11 13:26:23 |
|
| 2013-07-24 13:19:38 |
|
| 2013-06-21 13:19:50 |
|
| 2013-06-05 13:20:33 |
|
| 2013-06-04 13:26:25 |
|
| 2013-05-10 22:30:22 |
|
| 2013-04-18 21:20:02 |
|
| 2013-04-18 00:19:49 |
|
