PT-2013-3750 · Oracle+3 · Jax-Ws+7

Tomas Hoger

·

Published

2013-04-17

·

Updated

2024-06-15

·

CVE-2013-2415

CVSS v2.0

2.1

Low

VectorAV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Java SE versions 7 Update 17 and earlier OpenJDK versions 6 and 7
Description The issue allows local users to affect confidentiality via vectors related to JAX-WS. It is reportedly related to the processing of MTOM attachments and the creation of temporary files with weak permissions.
Recommendations For Java SE versions 7 Update 17 and earlier, update to a version later than Update 17 to resolve the issue. For OpenJDK versions 6 and 7, consider disabling the JAX-WS component until a patch is available. As a temporary workaround, restrict access to temporary files created by the JRE component to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0751
CESA-2013_0770
CVE-2013-2415
OPENSUSE-SU-2024:10534-1
RHSA-2013:0751
RHSA-2013:0752
RHSA-2013:0757
RHSA-2013:0770
RHSA-2013:0822
RHSA-2013_0751
RHSA-2013_0752
RHSA-2013_0757
RHSA-2013_0770
RHSA-2013_0822

Affected Products

Centos
Jax-Ws
Jre
Java Platform
Java Se
Openjdk
Red Hat
Suse