Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 28, 2022.

The EPSS score is 0.9356.

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Oracle Subscribe
Jre Subscribe
Redhat Subscribe
Enterprise Linux Subscribe
Network Satellite Subscribe
Rhel Extras Subscribe
Rhel Extras Oracle Java Subscribe
Sun Subscribe
Jre Subscribe
Suse Subscribe
Linux Enterprise Desktop Subscribe
Linux Enterprise Java Subscribe
Linux Enterprise Server Subscribe
Linux Enterprise Software Development Kit Subscribe

Configuration 1 [-]

OR cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update45:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.6.0:update_9:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:jre:1.5.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update36:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update38:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update39:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update40:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update41:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.5.0:update45:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update16:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update17:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update18:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update19:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update20:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update21:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update22:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update23:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update24:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update25:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update26:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update27:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update28:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update29:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update31:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update33:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update9:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:10:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_java:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
Package CPE Advisory Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.75-1jpp.3.el5_10 cpe:/a:redhat:rhel_extras_oracle_java:5 RHSA-2014:0414 2014-04-17T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.75-1jpp.1.el6_5 cpe:/a:redhat:rhel_extras_oracle_java:6 RHSA-2014:0414 2014-04-17T00:00:00Z
Red Hat Enterprise Linux 5
java-1.7.0-openjdk-1:1.7.0.25-2.3.10.4.el5_9 cpe:/o:redhat:enterprise_linux:5 RHSA-2013:0958 2013-06-20T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.0-1.41.1.11.11.90.el5_9 cpe:/o:redhat:enterprise_linux:5 RHSA-2013:1014 2013-07-03T00:00:00Z
Red Hat Enterprise Linux 6
java-1.7.0-openjdk-1:1.7.0.25-2.3.10.3.el6_4 cpe:/o:redhat:enterprise_linux:6 RHSA-2013:0957 2013-06-19T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.0-1.62.1.11.11.90.el6_4 cpe:/o:redhat:enterprise_linux:6 RHSA-2013:1014 2013-07-03T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 cpe:/a:redhat:network_satellite:5.4::el5 RHSA-2013:1455 2013-10-23T00:00:00Z
Red Hat Network Satellite Server v 5.5
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 cpe:/a:redhat:network_satellite:5.5::el5 RHSA-2013:1456 2013-10-23T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.25-1jpp.1.el5_9 cpe:/a:redhat:rhel_extras:5 RHSA-2013:0963 2013-06-20T00:00:00Z
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el5_9 cpe:/a:redhat:rhel_extras:5 RHSA-2013:1059 2013-07-15T00:00:00Z
java-1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el5_9 cpe:/a:redhat:rhel_extras:5 RHSA-2013:1060 2013-07-15T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.3-1jpp.1.el5_9 cpe:/a:redhat:rhel_extras:5 RHSA-2013:1081 2013-07-16T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.25-1jpp.1.el6_4 cpe:/a:redhat:rhel_extras:6 RHSA-2013:0963 2013-06-20T00:00:00Z
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4 cpe:/a:redhat:rhel_extras:6 RHSA-2013:1059 2013-07-15T00:00:00Z
java-1.7.0-ibm-1:1.7.0.5.0-1jpp.2.el6_4 cpe:/a:redhat:rhel_extras:6 RHSA-2013:1060 2013-07-15T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.3-1jpp.1.el6_4 cpe:/a:redhat:rhel_extras:6 RHSA-2013:1081 2013-07-16T00:00:00Z

No data.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-2722-1 openjdk-7 security update
Debian DSA Debian DSA DSA-2727-1 openjdk-6 security update
Ubuntu USN Ubuntu USN USN-1907-1 OpenJDK 7 vulnerabilities
Ubuntu USN Ubuntu USN USN-1908-1 OpenJDK 6 vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://advisories.mageia.org/MGASA-2013-0185.html cve-icon cve-icon
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 cve-icon cve-icon
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040 cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=137545505800971&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=137545592101387&w=2 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-0963.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1059.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1060.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1081.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1455.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1456.html cve-icon cve-icon
http://secunia.com/advisories/54154 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-201406-32.xml cve-icon cve-icon
http://www-01.ibm.com/support/docview.wss?uid=swg21642336 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html cve-icon cve-icon cve-icon
http://www.securityfocus.com/bid/60657 cve-icon cve-icon
http://www.us-cert.gov/ncas/alerts/TA13-169A cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2014:0414 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=975118 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-2465 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2465 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-2465 cve-icon
https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability cve-icon
https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability cve-icon
History

Wed, 22 Oct 2025 10:30:00 +0900

Type Values Removed Values Added
References

Wed, 22 Oct 2025 05:30:00 +0900

Type Values Removed Values Added
References

Wed, 22 Oct 2025 04:30:00 +0900

Type Values Removed Values Added
References

Wed, 07 May 2025 03:30:00 +0900

Type Values Removed Values Added
References

Tue, 11 Feb 2025 04:15:00 +0900

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

kev

{'dateAdded': '2022-03-28'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Aug 2024 08:45:00 +0900

Type Values Removed Values Added
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2025-10-22T00:05:41.755Z

Reserved: 2013-03-05T00:00:00.000Z

Link: CVE-2013-2465

cve-icon Vulnrichment

Updated: 2025-05-06T17:15:03.175Z

cve-icon NVD

Status : Deferred

Published: 2013-06-18T22:55:02.807

Modified: 2025-10-22T01:15:49.327

Link: CVE-2013-2465

cve-icon Redhat

Severity : Critical

Publid Date: 2013-06-18T00:00:00Z

Links: CVE-2013-2465 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses