CVE-2013-1491

{"id": "CVE-2013-1491", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-08T18:55:01.607", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880", "source": "secalert_us@oracle.com"}, {"url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157", "source": "secalert_us@oracle.com"}, {"url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html", "source": "secalert_us@oracle.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html", "source": "secalert_us@oracle.com"}, {"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "source": "secalert_us@oracle.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "source": "secalert_us@oracle.com"}, {"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A", "tags": ["US Government Resource"], "source": "secalert_us@oracle.com"}, {"url": "http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16663", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19482", "source": "secalert_us@oracle.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19553", "source": "secalert_us@oracle.com"}, {"url": "https://twitter.com/thezdi/status/309438311112507392", "source": "secalert_us@oracle.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013."}, {"lang": "es", "value": "El componente Java Runtime Environment (JRE) en Java SE versi\u00f3n 7 Update 17 y anteriores, versi\u00f3n 6 Update 43 y anteriores, versi\u00f3n 5.0 Update 41 y anteriores, y JavaFX versi\u00f3n 2.2.7 y anteriores de Oracle, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores relacionados con 2D, como fue demostrado por Joshua Drake durante una competencia pwn2Own en CanSecWest 2013."}], "lastModified": "2017-09-19T01:36:06.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "130849CD-A581-4FE6-B2AA-99134F16FE65"}, {"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B5B98B-0E41-4397-8AB0-C18C6F10AED1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}