Detections
Analytics
CVE-2013-2407
critical
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19568
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17195
https://bugzilla.redhat.com/show_bug.cgi?id=975127
https://access.redhat.com/errata/RHSA-2014:0414
http://www.us-cert.gov/ncas/alerts/TA13-169A
http://www.securityfocus.com/bid/60653
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://secunia.com/advisories/54154
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://marc.info/?l=bugtraq&m=137545592101387&w=2
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c82ed89b21bc
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/0e80792291c0