Unrated severityNVD Advisory· Published Apr 17, 2013· Updated Jun 16, 2026
CVE-2013-2415
CVE-2013-2415
Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
64cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:*:update17:*:*:*:*:*:*range: <=1.7.0
cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:*:update17:*:*:*:*:*:*range: <=1.7.0
- Range: <=7u17
- osv-coords34 versionspkg:apk/chainguard/openjdk-11-openj9pkg:apk/chainguard/openjdk-11-openj9-dbgpkg:apk/chainguard/openjdk-11-openj9-default-jdkpkg:apk/chainguard/openjdk-11-openj9-default-jvmpkg:apk/chainguard/openjdk-11-openj9-default-policypkg:apk/chainguard/openjdk-11-openj9-docpkg:apk/chainguard/openjdk-11-openj9-jmodspkg:apk/chainguard/openjdk-11-openj9-jrepkg:apk/chainguard/openjdk-17-openj9pkg:apk/chainguard/openjdk-17-openj9-dbgpkg:apk/chainguard/openjdk-17-openj9-default-jdkpkg:apk/chainguard/openjdk-17-openj9-default-jvmpkg:apk/chainguard/openjdk-17-openj9-default-policypkg:apk/chainguard/openjdk-17-openj9-docpkg:apk/chainguard/openjdk-17-openj9-jmodspkg:apk/chainguard/openjdk-17-openj9-jrepkg:apk/chainguard/openjdk-21-openj9pkg:apk/chainguard/openjdk-21-openj9-dbgpkg:apk/chainguard/openjdk-21-openj9-default-jdkpkg:apk/chainguard/openjdk-21-openj9-default-jvmpkg:apk/chainguard/openjdk-21-openj9-default-policypkg:apk/chainguard/openjdk-21-openj9-docpkg:apk/chainguard/openjdk-21-openj9-jmodspkg:apk/chainguard/openjdk-21-openj9-jrepkg:apk/chainguard/openjdk-25-openj9-default-jvmpkg:apk/chainguard/openjdk-25-openj9-jmodspkg:apk/chainguard/openjdk-26-openj9-jrepkg:apk/chainguard/openjdk-8-openj9pkg:apk/chainguard/openjdk-8-openj9-dbgpkg:apk/chainguard/openjdk-8-openj9-default-jdkpkg:apk/chainguard/openjdk-8-openj9-default-jvmpkg:apk/chainguard/openjdk-8-openj9-docpkg:apk/chainguard/openjdk-8-openj9-jrepkg:rpm/opensuse/java-1_7_0-openjdk&distro=openSUSE%20Tumbleweed
< 0.53.0-r0+ 33 more
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.53.0-r0
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.48.0-r2
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.59.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 0.53.0-r1
- (no CPE)range: < 1.7.0.121-1.1
Patches
Vulnerability mechanics
References
20- www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.htmlnvdVendor Advisory
- www.us-cert.gov/ncas/alerts/TA13-107AnvdUS Government Resource
- blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/nvd
- blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/nvd
- hg.openjdk.java.net/jdk7u/jdk7u-dev/jaxws/rev/e07c518282banvd
- lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.htmlnvd
- lists.opensuse.org/opensuse-updates/2013-05/msg00017.htmlnvd
- lists.opensuse.org/opensuse-updates/2013-06/msg00099.htmlnvd
- mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0752.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0757.htmlnvd
- security.gentoo.org/glsa/glsa-201406-32.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.ubuntu.com/usn/USN-1806-1nvd
- bugzilla.redhat.com/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16011nvd
- wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124nvd
- wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130nvd
News mentions
0No linked articles in our index yet.