PT-2013-3783 · Oracle+4 · Oracle Java Se+6

Stefan Cornelius

·

Published

2013-06-18

·

Updated

2024-06-15

·

CVE-2013-2449

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions prior to 7 Update 21 OpenJDK 7
Description The issue affects confidentiality and is related to unknown vectors in the Libraries component of the Java Runtime Environment. There are claims that this issue might be related to GnomeFileTypeDetector and a missing check for read permissions for a path, but Oracle has not commented on these claims.
Recommendations For Oracle Java SE versions prior to 7 Update 21, update to a version later than 7 Update 21. For OpenJDK 7, consider restricting access to the Libraries component until a patch is available. As a temporary workaround, consider disabling the use of GnomeFileTypeDetector in the Java Runtime Environment until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0957
CVE-2013-2449
DSA-2722-1
HPSBUX02907
MGASA-2013-0185
OPENSUSE-SU-2024:10534-1
RHSA-2013:0957
RHSA-2013:0958
RHSA-2013:0963
RHSA-2013:1060
RHSA-2013_0957
RHSA-2013_0958
RHSA-2013_0963
RHSA-2013_1060

Affected Products

Centos
Hp-Ux
Java Platform
Openjdk
Oracle Java Se
Red Hat
Suse