CVE-2013-2380 - OpenCVE

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Jrockit Fusion Middleware

Configuration 1 [-]

OR	cpe:2.3:a:oracle:fusion_middleware:-:::::::*
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit::::::::
	cpe:2.3:a:oracle:jrockit:r27.1:::::::*
	cpe:2.3:a:oracle:jrockit:r27.2:::::::*
	cpe:2.3:a:oracle:jrockit:r27.3:::::::*
	cpe:2.3:a:oracle:jrockit:r27.3.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.0:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.0.2:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.0:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.1:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.3:::::::*
	cpe:2.3:a:oracle:jrockit:r28.1.4:::::::*

References

Link	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2013-04-17T14:00:00

Updated: 2013-10-11T09:00:00

Reserved: 2013-03-05T00:00:00

Link: CVE-2013-2380

JSON object: View

NVD Information

Status : Modified

Published: 2013-04-17T17:55:06.143

Modified: 2013-10-11T03:51:34.187

Link: CVE-2013-2380

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-10-11T09:00:00", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}, {"name": "MDVSA-2013:150", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2013-2380", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}, {"name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}]}}}}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2013-2380", "datePublished": "2013-04-17T14:00:00", "dateReserved": "2013-03-05T00:00:00", "dateUpdated": "2013-10-11T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:fusion_middleware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1828F4F0-FB4B-4E19-9F6D-77E7D017A21D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "53150C54-F2BB-491C-A8C8-AD4C74BD07C7", "versionEndIncluding": "r27.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*", "matchCriteriaId": "67958DB2-50AD-4F2A-91AB-CC8623DD7935", "versionEndIncluding": "r28.2.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.1:*:*:*:*:*:*:*", "matchCriteriaId": "4873B9FF-0BA4-45AE-834A-C23AE80A2B48", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.2:*:*:*:*:*:*:*", "matchCriteriaId": "39274558-2ECB-43CE-BAEF-DBD3AAC1BD05", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.3:*:*:*:*:*:*:*", "matchCriteriaId": "72DA7B82-EC3B-4458-B040-6F9D1AE23DDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r27.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "267F16DF-D868-4DD9-8670-01AC3CBCE716", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF4A3CEE-CA1A-4381-9C2A-86A08552ECB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4953F74A-EA08-414B-9A5F-0DE7B05C6E4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "5E573D88-D435-4BE0-A439-A6ABE7C990CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5774E87C-9F38-4DB9-9F4F-B88D37BE622C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "95746A03-C190-409B-9F3F-F3F7F6B3D419", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CDCC0C38-1660-40BF-8708-B0FDF43069FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jrockit:r28.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "723DE1EC-F44A-4362-B885-835784FA7B56", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle JRockit en Oracle Fusion Middleware R27.7.4 y anteriores y R28.2.6 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos. NOTA: este podr\u00eda ser un duplicado de CVE-2013-1537 y CVE-2013-2415. Si es as\u00ed, CVE-2013-2380 podr\u00eda ser rechazado en el futuro."}], "evaluatorComment": "1.Oracle released a Java SE Critical Patch Update on April 16, 2013 to address multiple vulnerabilities affecting the Java Runtime Environment. Oracle CVE-2013-2380 refers to the advisories that are applicable to JRockit from the Java SE Critical Patch Update. The CVSS score of this vulnerability CVE# reflects the highest among those fixed in JRockit. The complete list of all vulnerabilities addressed in JRockit under CVE-2013-2380 is as follows: CVE-2013-1537 and CVE-2013-2415.\r\n", "id": "CVE-2013-2380", "lastModified": "2013-10-11T03:51:34.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-17T17:55:06.143", "references": [{"source": "secalert_us@oracle.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}