CVE-2013-2415
OpenJDK: temporary files created with insecure permissions (JAX-WS, 8003542)
Severity Score
Exploit Likelihood
Affected Versions
28Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "processing of MTOM attachments" and the creation of temporary files with weak permissions.
La vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, y OpenJDK versiones 6 y 7 de Oracle, permite a los usuarios locales afectar a la confidencialidad por medio de vectores relacionados con JAX-WS. NOTA: la información anterior procede de la CPU de abril de 2013. Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema está relacionado con el "processing of MTOM attachments" y la creación de archivos temporales con permisos débiles.
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-03-05 CVE Reserved
- 2013-04-17 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (21)
URL | Date | SRC |
---|
URL | Date | SRC |
---|