U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2013-2461

Change History

Modified Analysis by NIST 12/01/2015 1:50:41 PM

Action Type Old Value New Value
Changed CPE Configuration 
Configuration 1
     OR
          *cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:* (and previous)
Configuration 3
     OR
          *cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_39:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_41:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_43:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_45:*:*:*:*:*:* (and previous)
Configuration 4
     OR
          *cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_39:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_41:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_43:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_45:*:*:*:*:*:* (and previous)
 
Configuration 1
     OR
          *cpe:2.3:a:oracle:jdk:1.6.0:update_38:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_37:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_35:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_34:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_33:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_32:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_31:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_30:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_29:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_27:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_26:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_25:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_24:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_23:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_22:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update1_b06:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
          *cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_39:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_41:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_43:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.6.0:update_45:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:a:oracle:jre:1.7.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:* (and previous)
Configuration 3
     OR
          *cpe:2.3:a:sun:openjdk:7:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jrockit:r28.2.7:*:*:*:*:*:*:* (and previous)
          *cpe:2.3:a:oracle:jrockit:r27.7.5:*:*:*:*:*:*:* (and previous)
Configuration 4
     OR
          *cpe:2.3:a:oracle:jdk:1.7.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:* (and previous)
Configuration 5
     OR
          *cpe:2.3:a:oracle:jre:1.6.0:update_38:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_37:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_35:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_34:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_33:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_32:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_31:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_30:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_29:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_27:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_26:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_25:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_24:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_23:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_22:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
          *cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_39:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_41:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_43:*:*:*:*:*:*
          *cpe:2.3:a:oracle:jre:1.6.0:update_45:*:*:*:*:*:* (and previous)
Changed Evaluator Description 
Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

'Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.'
 
Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

'Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.'