PT-2013-3750 · Oracle+3 · Jax-Ws+7

Tomas Hoger

·

Publicado

2013-04-17

·

Atualizado

2024-06-15

·

CVE-2013-2415

CVSS v2.0

2.1

Baixa

VetorAV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 7 Update 17 and earlier OpenJDK versions 6 and 7
Description The issue allows local users to affect confidentiality via vectors related to JAX-WS. It is reportedly related to the processing of MTOM attachments and the creation of temporary files with weak permissions.
Recommendations For Java SE versions 7 Update 17 and earlier, update to a version later than Update 17 to resolve the issue. For OpenJDK versions 6 and 7, consider disabling the JAX-WS component until a patch is available. As a temporary workaround, restrict access to temporary files created by the JRE component to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CESA-2013_0751
CESA-2013_0770
CVE-2013-2415
OPENSUSE-SU-2024:10534-1
RHSA-2013:0751
RHSA-2013:0752
RHSA-2013:0757
RHSA-2013:0770
RHSA-2013:0822
RHSA-2013_0751
RHSA-2013_0752
RHSA-2013_0757
RHSA-2013_0770
RHSA-2013_0822

Produtos afetados

Centos
Jax-Ws
Jre
Java Platform
Java Se
Openjdk
Red Hat
Suse