CVE-2013-2412
First published: Mon Jun 17 2013(Updated: )
It was discovered that JConsole did not properly inform the user in case establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JRE | <=1.7.0 | |
| Oracle JRE | =1.7.0 | |
| Oracle JRE | =1.7.0-update1 | |
| Oracle JRE | =1.7.0-update10 | |
| Oracle JRE | =1.7.0-update11 | |
| Oracle JRE | =1.7.0-update13 | |
| Oracle JRE | =1.7.0-update15 | |
| Oracle JRE | =1.7.0-update17 | |
| Oracle JRE | =1.7.0-update2 | |
| Oracle JRE | =1.7.0-update3 | |
| Oracle JRE | =1.7.0-update4 | |
| Oracle JRE | =1.7.0-update5 | |
| Oracle JRE | =1.7.0-update6 | |
| Oracle JRE | =1.7.0-update7 | |
| Oracle JRE | =1.7.0-update9 | |
| Oracle OpenJDK 1.8.0 | <=1.7.0 | |
| Oracle OpenJDK 1.8.0 | =1.7.0 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update1 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update10 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update11 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update13 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update15 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update17 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update2 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update3 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update4 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update5 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update6 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update7 | |
| Oracle OpenJDK 1.8.0 | =1.7.0-update9 | |
| Oracle JRE | <=1.6.0 | |
| Oracle JRE | =1.6.0-update22 | |
| Oracle JRE | =1.6.0-update23 | |
| Oracle JRE | =1.6.0-update24 | |
| Oracle JRE | =1.6.0-update25 | |
| Oracle JRE | =1.6.0-update26 | |
| Oracle JRE | =1.6.0-update27 | |
| Oracle JRE | =1.6.0-update29 | |
| Oracle JRE | =1.6.0-update30 | |
| Oracle JRE | =1.6.0-update31 | |
| Oracle JRE | =1.6.0-update32 | |
| Oracle JRE | =1.6.0-update33 | |
| Oracle JRE | =1.6.0-update34 | |
| Oracle JRE | =1.6.0-update35 | |
| Oracle JRE | =1.6.0-update37 | |
| Oracle JRE | =1.6.0-update38 | |
| Oracle JRE | =1.6.0-update39 | |
| Oracle JRE | =1.6.0-update41 | |
| Oracle JRE | =1.6.0-update43 | |
| Sun Java Runtime Environment (JRE) | =1.6.0 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_1 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_10 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_11 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_12 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_13 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_14 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_15 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_16 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_17 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_18 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_19 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_2 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_20 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_21 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_3 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_4 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_5 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_6 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_7 | |
| Sun Java Runtime Environment (JRE) | =1.6.0-update_9 | |
| Oracle OpenJDK 1.8.0 | <=1.6.0 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update22 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update23 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update24 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update25 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update26 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update27 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update29 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update30 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update31 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update32 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update33 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update34 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update35 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update37 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update38 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update39 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update41 | |
| Oracle OpenJDK 1.8.0 | =1.6.0-update43 | |
| Java Development Kit (JDK) | =1.6.0 | |
| Java Development Kit (JDK) | =1.6.0-update_10 | |
| Java Development Kit (JDK) | =1.6.0-update_11 | |
| Java Development Kit (JDK) | =1.6.0-update_12 | |
| Java Development Kit (JDK) | =1.6.0-update_13 | |
| Java Development Kit (JDK) | =1.6.0-update_14 | |
| Java Development Kit (JDK) | =1.6.0-update_15 | |
| Java Development Kit (JDK) | =1.6.0-update_16 | |
| Java Development Kit (JDK) | =1.6.0-update_17 | |
| Java Development Kit (JDK) | =1.6.0-update_18 | |
| Java Development Kit (JDK) | =1.6.0-update_19 | |
| Java Development Kit (JDK) | =1.6.0-update_20 | |
| Java Development Kit (JDK) | =1.6.0-update_21 | |
| Java Development Kit (JDK) | =1.6.0-update_3 | |
| Java Development Kit (JDK) | =1.6.0-update_4 | |
| Java Development Kit (JDK) | =1.6.0-update_5 | |
| Java Development Kit (JDK) | =1.6.0-update_6 | |
| Java Development Kit (JDK) | =1.6.0-update_7 | |
| Java Development Kit (JDK) | =1.6.0-update1 | |
| Java Development Kit (JDK) | =1.6.0-update1_b06 | |
| Java Development Kit (JDK) | =1.6.0-update2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2013-0185.html
- http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/3927a18bbcbf
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
- http://marc.info/?l=bugtraq&m=137545505800971&w=2
- http://marc.info/?l=bugtraq&m=137545592101387&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0963.html
- http://rhn.redhat.com/errata/RHSA-2013-1059.html
- http://rhn.redhat.com/errata/RHSA-2013-1060.html
- http://rhn.redhat.com/errata/RHSA-2013-1455.html
- http://rhn.redhat.com/errata/RHSA-2013-1456.html
- http://secunia.com/advisories/54154
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21642336
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
- http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
- http://www.securityfocus.com/bid/60618
- http://www.us-cert.gov/ncas/alerts/TA13-169A
- https://access.redhat.com/errata/RHSA-2014:0414
- https://bugzilla.redhat.com/show_bug.cgi?id=975144
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17098
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19375
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19633
- https://rhn.redhat.com/errata/RHSA-2013-0958.html
- https://rhn.redhat.com/errata/RHSA-2013-0957.html
- https://rhn.redhat.com/errata/RHSA-2013-0963.html
- https://rhn.redhat.com/errata/RHSA-2013-1014.html
- https://rhn.redhat.com/errata/RHSA-2013-1060.html
- https://rhn.redhat.com/errata/RHSA-2013-1059.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023941.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023849.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-June/023860.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-July/023895.html
- https://rhn.redhat.com/errata/RHSA-2013-1456.html
- https://rhn.redhat.com/errata/RHSA-2013-1455.html
- https://rhn.redhat.com/errata/RHSA-2014-0414.html
Frequently Asked Questions
What is the severity of CVE-2013-2412?
CVE-2013-2412 is considered a critical severity vulnerability due to the potential access it offers to sensitive information.
How do I fix CVE-2013-2412?
To fix CVE-2013-2412, upgrade to the latest version of Oracle Java SE that includes the necessary security patches.
What impact does CVE-2013-2412 have on my system?
The impact of CVE-2013-2412 can include potential exposure of sensitive information if SSL connections fail without proper notification.
Which versions of Oracle JRE are affected by CVE-2013-2412?
CVE-2013-2412 affects Oracle JRE versions up to 1.7.0 update 21 and earlier.
Can CVE-2013-2412 be exploited remotely?
Yes, CVE-2013-2412 can be exploited remotely if vulnerable software is used without appropriate security measures.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2412
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jre
- version/oracle jre/1.7.0
- version/oracle jre/1.7.0-update1
- version/oracle jre/1.7.0-update10
- version/oracle jre/1.7.0-update11
- version/oracle jre/1.7.0-update13
- version/oracle jre/1.7.0-update15
- version/oracle jre/1.7.0-update17
- version/oracle jre/1.7.0-update2
- version/oracle jre/1.7.0-update3
- version/oracle jre/1.7.0-update4
- version/oracle jre/1.7.0-update5
- version/oracle jre/1.7.0-update6
- version/oracle jre/1.7.0-update7
- version/oracle jre/1.7.0-update9
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.7.0
- version/oracle openjdk 1.8.0/1.7.0-update1
- version/oracle openjdk 1.8.0/1.7.0-update10
- version/oracle openjdk 1.8.0/1.7.0-update11
- version/oracle openjdk 1.8.0/1.7.0-update13
- version/oracle openjdk 1.8.0/1.7.0-update15
- version/oracle openjdk 1.8.0/1.7.0-update17
- version/oracle openjdk 1.8.0/1.7.0-update2
- version/oracle openjdk 1.8.0/1.7.0-update3
- version/oracle openjdk 1.8.0/1.7.0-update4
- version/oracle openjdk 1.8.0/1.7.0-update5
- version/oracle openjdk 1.8.0/1.7.0-update6
- version/oracle openjdk 1.8.0/1.7.0-update7
- version/oracle openjdk 1.8.0/1.7.0-update9
- version/oracle jre/1.6.0
- version/oracle jre/1.6.0-update22
- version/oracle jre/1.6.0-update23
- version/oracle jre/1.6.0-update24
- version/oracle jre/1.6.0-update25
- version/oracle jre/1.6.0-update26
- version/oracle jre/1.6.0-update27
- version/oracle jre/1.6.0-update29
- version/oracle jre/1.6.0-update30
- version/oracle jre/1.6.0-update31
- version/oracle jre/1.6.0-update32
- version/oracle jre/1.6.0-update33
- version/oracle jre/1.6.0-update34
- version/oracle jre/1.6.0-update35
- version/oracle jre/1.6.0-update37
- version/oracle jre/1.6.0-update38
- version/oracle jre/1.6.0-update39
- version/oracle jre/1.6.0-update41
- version/oracle jre/1.6.0-update43
- vendor/sun
- canonical/sun java runtime environment (jre)
- version/sun java runtime environment (jre)/1.6.0
- version/sun java runtime environment (jre)/1.6.0-update_1
- version/sun java runtime environment (jre)/1.6.0-update_10
- version/sun java runtime environment (jre)/1.6.0-update_11
- version/sun java runtime environment (jre)/1.6.0-update_12
- version/sun java runtime environment (jre)/1.6.0-update_13
- version/sun java runtime environment (jre)/1.6.0-update_14
- version/sun java runtime environment (jre)/1.6.0-update_15
- version/sun java runtime environment (jre)/1.6.0-update_16
- version/sun java runtime environment (jre)/1.6.0-update_17
- version/sun java runtime environment (jre)/1.6.0-update_18
- version/sun java runtime environment (jre)/1.6.0-update_19
- version/sun java runtime environment (jre)/1.6.0-update_2
- version/sun java runtime environment (jre)/1.6.0-update_20
- version/sun java runtime environment (jre)/1.6.0-update_21
- version/sun java runtime environment (jre)/1.6.0-update_3
- version/sun java runtime environment (jre)/1.6.0-update_4
- version/sun java runtime environment (jre)/1.6.0-update_5
- version/sun java runtime environment (jre)/1.6.0-update_6
- version/sun java runtime environment (jre)/1.6.0-update_7
- version/sun java runtime environment (jre)/1.6.0-update_9
- version/oracle openjdk 1.8.0/1.6.0
- version/oracle openjdk 1.8.0/1.6.0-update22
- version/oracle openjdk 1.8.0/1.6.0-update23
- version/oracle openjdk 1.8.0/1.6.0-update24
- version/oracle openjdk 1.8.0/1.6.0-update25
- version/oracle openjdk 1.8.0/1.6.0-update26
- version/oracle openjdk 1.8.0/1.6.0-update27
- version/oracle openjdk 1.8.0/1.6.0-update29
- version/oracle openjdk 1.8.0/1.6.0-update30
- version/oracle openjdk 1.8.0/1.6.0-update31
- version/oracle openjdk 1.8.0/1.6.0-update32
- version/oracle openjdk 1.8.0/1.6.0-update33
- version/oracle openjdk 1.8.0/1.6.0-update34
- version/oracle openjdk 1.8.0/1.6.0-update35
- version/oracle openjdk 1.8.0/1.6.0-update37
- version/oracle openjdk 1.8.0/1.6.0-update38
- version/oracle openjdk 1.8.0/1.6.0-update39
- version/oracle openjdk 1.8.0/1.6.0-update41
- version/oracle openjdk 1.8.0/1.6.0-update43
- canonical/java development kit (jdk)
- version/java development kit (jdk)/1.6.0
- version/java development kit (jdk)/1.6.0-update_10
- version/java development kit (jdk)/1.6.0-update_11
- version/java development kit (jdk)/1.6.0-update_12
- version/java development kit (jdk)/1.6.0-update_13
- version/java development kit (jdk)/1.6.0-update_14
- version/java development kit (jdk)/1.6.0-update_15
- version/java development kit (jdk)/1.6.0-update_16
- version/java development kit (jdk)/1.6.0-update_17
- version/java development kit (jdk)/1.6.0-update_18
- version/java development kit (jdk)/1.6.0-update_19
- version/java development kit (jdk)/1.6.0-update_20
- version/java development kit (jdk)/1.6.0-update_21
- version/java development kit (jdk)/1.6.0-update_3
- version/java development kit (jdk)/1.6.0-update_4
- version/java development kit (jdk)/1.6.0-update_5
- version/java development kit (jdk)/1.6.0-update_6
- version/java development kit (jdk)/1.6.0-update_7
- version/java development kit (jdk)/1.6.0-update1
- version/java development kit (jdk)/1.6.0-update1_b06
- version/java development kit (jdk)/1.6.0-update2