What is the severity of CVE-2013-2461?

The severity of CVE-2013-2461 is classified as high due to its potential impact on XML signature verification.

How do I fix CVE-2013-2461?

To fix CVE-2013-2461, update your Java Runtime Environment or Oracle JDK to the latest version, which contains the necessary security patches.

What versions are affected by CVE-2013-2461?

CVE-2013-2461 affects Oracle JDK versions 1.6.0-update22 through 1.6.0-update43 and certain Oracle JRE 1.7.0 versions.

What is the risk of CVE-2013-2461 for my applications?

The risk of CVE-2013-2461 is that a remote attacker might exploit it to bypass XML signature verification, potentially compromising data integrity.

Is there a workaround for CVE-2013-2461?

There are no officially documented workarounds for CVE-2013-2461, making an update the recommended action.

Vulnerability/
CVE-2013-2461

high

7.5

17/6/2013

18/6/2013

13/5/2022

CVE-2013-2461

First published: Mon Jun 17 2013(Updated: )

It was discovered that the DOMCanonicalizationMethod did not properly verify the canonicalization algorithm. A remote attacker could possibly exploit this flaw to bypass correct XML signature verification.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle JDK 6	=1.6.0-update22
Oracle JDK 6	=1.6.0-update23
Oracle JDK 6	=1.6.0-update24
Oracle JDK 6	=1.6.0-update25
Oracle JDK 6	=1.6.0-update26
Oracle JDK 6	=1.6.0-update27
Oracle JDK 6	=1.6.0-update29
Oracle JDK 6	=1.6.0-update30
Oracle JDK 6	=1.6.0-update31
Oracle JDK 6	=1.6.0-update32
Oracle JDK 6	=1.6.0-update33
Oracle JDK 6	=1.6.0-update34
Oracle JDK 6	=1.6.0-update35
Oracle JDK 6	=1.6.0-update37
Oracle JDK 6	=1.6.0-update38
Oracle JDK 6	=1.6.0-update39
Oracle JDK 6	=1.6.0-update41
Oracle JDK 6	=1.6.0-update43
OpenJDK	=1.6.0
OpenJDK	=1.6.0-update_10
OpenJDK	=1.6.0-update_11
OpenJDK	=1.6.0-update_12
OpenJDK	=1.6.0-update_13
OpenJDK	=1.6.0-update_14
OpenJDK	=1.6.0-update_15
OpenJDK	=1.6.0-update_16
OpenJDK	=1.6.0-update_17
OpenJDK	=1.6.0-update_18
OpenJDK	=1.6.0-update_19
OpenJDK	=1.6.0-update_20
OpenJDK	=1.6.0-update_21
OpenJDK	=1.6.0-update_3
OpenJDK	=1.6.0-update_4
OpenJDK	=1.6.0-update_5
OpenJDK	=1.6.0-update_6
OpenJDK	=1.6.0-update_7
OpenJDK	=1.6.0-update1
OpenJDK	=1.6.0-update1_b06
OpenJDK	=1.6.0-update2
Oracle Java Runtime Environment (JRE)	=1.7.0
Oracle Java Runtime Environment (JRE)	=1.7.0-update1
Oracle Java Runtime Environment (JRE)	=1.7.0-update10
Oracle Java Runtime Environment (JRE)	=1.7.0-update11
Oracle Java Runtime Environment (JRE)	=1.7.0-update13
Oracle Java Runtime Environment (JRE)	=1.7.0-update15
Oracle Java Runtime Environment (JRE)	=1.7.0-update17
Oracle Java Runtime Environment (JRE)	=1.7.0-update2
Oracle Java Runtime Environment (JRE)	=1.7.0-update3
Oracle Java Runtime Environment (JRE)	=1.7.0-update4
Oracle Java Runtime Environment (JRE)	=1.7.0-update5
Oracle Java Runtime Environment (JRE)	=1.7.0-update6
Oracle Java Runtime Environment (JRE)	=1.7.0-update7
Oracle Java Runtime Environment (JRE)	=1.7.0-update9
BEA JRockit	>=r27.7.1<=r27.7.5
BEA JRockit	>=r28.0.0<=r28.2.7
OpenJDK 17	=1.7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2461?
The severity of CVE-2013-2461 is classified as high due to its potential impact on XML signature verification.
How do I fix CVE-2013-2461?
To fix CVE-2013-2461, update your Java Runtime Environment or Oracle JDK to the latest version, which contains the necessary security patches.
What versions are affected by CVE-2013-2461?
CVE-2013-2461 affects Oracle JDK versions 1.6.0-update22 through 1.6.0-update43 and certain Oracle JRE 1.7.0 versions.
What is the risk of CVE-2013-2461 for my applications?
The risk of CVE-2013-2461 is that a remote attacker might exploit it to bypass XML signature verification, potentially compromising data integrity.
Is there a workaround for CVE-2013-2461?
There are no officially documented workarounds for CVE-2013-2461, making an update the recommended action.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/references
agent/severity
agent/author
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-2461
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/oracle
canonical/oracle jdk 6
version/oracle jdk 6/1.6.0-update22
version/oracle jdk 6/1.6.0-update23
version/oracle jdk 6/1.6.0-update24
version/oracle jdk 6/1.6.0-update25
version/oracle jdk 6/1.6.0-update26
version/oracle jdk 6/1.6.0-update27
version/oracle jdk 6/1.6.0-update29
version/oracle jdk 6/1.6.0-update30
version/oracle jdk 6/1.6.0-update31
version/oracle jdk 6/1.6.0-update32
version/oracle jdk 6/1.6.0-update33
version/oracle jdk 6/1.6.0-update34
version/oracle jdk 6/1.6.0-update35
version/oracle jdk 6/1.6.0-update37
version/oracle jdk 6/1.6.0-update38
version/oracle jdk 6/1.6.0-update39
version/oracle jdk 6/1.6.0-update41
version/oracle jdk 6/1.6.0-update43
vendor/sun
canonical/openjdk
version/openjdk/1.6.0
version/openjdk/1.6.0-update_10
version/openjdk/1.6.0-update_11
version/openjdk/1.6.0-update_12
version/openjdk/1.6.0-update_13
version/openjdk/1.6.0-update_14
version/openjdk/1.6.0-update_15
version/openjdk/1.6.0-update_16
version/openjdk/1.6.0-update_17
version/openjdk/1.6.0-update_18
version/openjdk/1.6.0-update_19
version/openjdk/1.6.0-update_20
version/openjdk/1.6.0-update_21
version/openjdk/1.6.0-update_3
version/openjdk/1.6.0-update_4
version/openjdk/1.6.0-update_5
version/openjdk/1.6.0-update_6
version/openjdk/1.6.0-update_7
version/openjdk/1.6.0-update1
version/openjdk/1.6.0-update1_b06
version/openjdk/1.6.0-update2
canonical/oracle java runtime environment (jre)
version/oracle java runtime environment (jre)/1.7.0
version/oracle java runtime environment (jre)/1.7.0-update1
version/oracle java runtime environment (jre)/1.7.0-update10
version/oracle java runtime environment (jre)/1.7.0-update11
version/oracle java runtime environment (jre)/1.7.0-update13
version/oracle java runtime environment (jre)/1.7.0-update15
version/oracle java runtime environment (jre)/1.7.0-update17
version/oracle java runtime environment (jre)/1.7.0-update2
version/oracle java runtime environment (jre)/1.7.0-update3
version/oracle java runtime environment (jre)/1.7.0-update4
version/oracle java runtime environment (jre)/1.7.0-update5
version/oracle java runtime environment (jre)/1.7.0-update6
version/oracle java runtime environment (jre)/1.7.0-update7
version/oracle java runtime environment (jre)/1.7.0-update9
canonical/bea jrockit
version/bea jrockit/r27.7.1
version/bea jrockit/r27.7.5
version/bea jrockit/r28.0.0
version/bea jrockit/r28.2.7
canonical/openjdk 17
version/openjdk 17/1.7.0