What is the severity of CVE-2013-2415?

CVE-2013-2415 has been rated as having a moderate severity due to the potential for local attacks on insecure temporary files.

How do I fix CVE-2013-2415?

To fix CVE-2013-2415, ensure that your application is updated to a version of JAX-WS or JRE that addresses the vulnerability, such as icedtea6 version 1.11.11 or icedtea7 version 2.3.9.

Which versions are affected by CVE-2013-2415?

CVE-2013-2415 affects multiple versions of Oracle Java SE 7, including update 1 through update 15, as well as specific versions of IcedTea.

Who can be impacted by CVE-2013-2415?

Local attackers with access to the system can exploit CVE-2013-2415 to gain unauthorized access to insecure temporary files.

Is there a workaround for CVE-2013-2415 before I can update?

As a temporary measure, secure the permissions for temporary file directories used by applications to mitigate potential access risks until a patch can be applied.

Vulnerability/
CVE-2013-2415

low

2.1

15/4/2013

17/4/2013

29/9/2019

CVE-2013-2415

First published: Mon Apr 15 2013(Updated: )

It was discovered that JAX-WS could possibly create temporary files with insecure permissions. A local attacker could use this flaw to access temporary files created by an application using JAX-WS.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
redhat/icedtea6	<1.11.11	1.11.11
redhat/icedtea6	<1.12.5	1.12.5
redhat/icedtea7	<2.3.9	2.3.9
Oracle Java Runtime Environment (JRE)	<=1.7.0
Oracle Java Runtime Environment (JRE)	=1.7.0
Oracle Java Runtime Environment (JRE)	=1.7.0-update1
Oracle Java Runtime Environment (JRE)	=1.7.0-update10
Oracle Java Runtime Environment (JRE)	=1.7.0-update11
Oracle Java Runtime Environment (JRE)	=1.7.0-update13
Oracle Java Runtime Environment (JRE)	=1.7.0-update15
Oracle Java Runtime Environment (JRE)	=1.7.0-update2
Oracle Java Runtime Environment (JRE)	=1.7.0-update3
Oracle Java Runtime Environment (JRE)	=1.7.0-update4
Oracle Java Runtime Environment (JRE)	=1.7.0-update5
Oracle Java Runtime Environment (JRE)	=1.7.0-update6
Oracle Java Runtime Environment (JRE)	=1.7.0-update7
Oracle Java Runtime Environment (JRE)	=1.7.0-update9
Oracle JDK 6	<=1.7.0
Oracle JDK 6	=1.7.0
Oracle JDK 6	=1.7.0-update1
Oracle JDK 6	=1.7.0-update10
Oracle JDK 6	=1.7.0-update11
Oracle JDK 6	=1.7.0-update13
Oracle JDK 6	=1.7.0-update15
Oracle JDK 6	=1.7.0-update2
Oracle JDK 6	=1.7.0-update3
Oracle JDK 6	=1.7.0-update4
Oracle JDK 6	=1.7.0-update5
Oracle JDK 6	=1.7.0-update6
Oracle JDK 6	=1.7.0-update7
Oracle JDK 6	=1.7.0-update9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2415?
CVE-2013-2415 has been rated as having a moderate severity due to the potential for local attacks on insecure temporary files.
How do I fix CVE-2013-2415?
To fix CVE-2013-2415, ensure that your application is updated to a version of JAX-WS or JRE that addresses the vulnerability, such as icedtea6 version 1.11.11 or icedtea7 version 2.3.9.
Which versions are affected by CVE-2013-2415?
CVE-2013-2415 affects multiple versions of Oracle Java SE 7, including update 1 through update 15, as well as specific versions of IcedTea.
Who can be impacted by CVE-2013-2415?
Local attackers with access to the system can exploit CVE-2013-2415 to gain unauthorized access to insecure temporary files.
Is there a workaround for CVE-2013-2415 before I can update?
As a temporary measure, secure the permissions for temporary file directories used by applications to mitigate potential access risks until a patch can be applied.

collector/redhat-bugzilla
alias/CVE-2013-2415
agent/type
agent/last-modified-date
agent/first-publish-date
agent/references
agent/severity
agent/author
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/oracle
canonical/oracle java runtime environment (jre)
version/oracle java runtime environment (jre)/1.7.0
version/oracle java runtime environment (jre)/1.7.0-update1
version/oracle java runtime environment (jre)/1.7.0-update10
version/oracle java runtime environment (jre)/1.7.0-update11
version/oracle java runtime environment (jre)/1.7.0-update13
version/oracle java runtime environment (jre)/1.7.0-update15
version/oracle java runtime environment (jre)/1.7.0-update2
version/oracle java runtime environment (jre)/1.7.0-update3
version/oracle java runtime environment (jre)/1.7.0-update4
version/oracle java runtime environment (jre)/1.7.0-update5
version/oracle java runtime environment (jre)/1.7.0-update6
version/oracle java runtime environment (jre)/1.7.0-update7
version/oracle java runtime environment (jre)/1.7.0-update9
canonical/oracle jdk 6
version/oracle jdk 6/1.7.0
version/oracle jdk 6/1.7.0-update1
version/oracle jdk 6/1.7.0-update10
version/oracle jdk 6/1.7.0-update11
version/oracle jdk 6/1.7.0-update13
version/oracle jdk 6/1.7.0-update15
version/oracle jdk 6/1.7.0-update2
version/oracle jdk 6/1.7.0-update3
version/oracle jdk 6/1.7.0-update4
version/oracle jdk 6/1.7.0-update5
version/oracle jdk 6/1.7.0-update6
version/oracle jdk 6/1.7.0-update7
version/oracle jdk 6/1.7.0-update9

CVE-2013-2415

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2415?

How do I fix CVE-2013-2415?

Which versions are affected by CVE-2013-2415?

Who can be impacted by CVE-2013-2415?

Is there a workaround for CVE-2013-2415 before I can update?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-2415?

How do I fix CVE-2013-2415?

Which versions are affected by CVE-2013-2415?

Who can be impacted by CVE-2013-2415?

Is there a workaround for CVE-2013-2415 before I can update?